client_secret, that can be used to authenticate to the client's website. Depending on the OAuth server settings, the attacker may even get an administrator role on the client's website. Simple Single Sign On by Dash10 Digital <= 4.1.0 - Auth Bypass
REPORT ID: 4deb2665-f3e5-46d3-958c-0b3435fecdc4
The plugin contains an Auth Bypass vulnerability due to the plugin leaks its OAuth
You need to log in to view the vulnerability details.