oauthconfig action, which makes it possible for unauthenticated attackers to update the OAuth endpoints, which leads to authentication bypass. To bypass authentication, the attacker only needs to know the user's email address. Depending on the obtained email address, the attacker may even get an administrator role on the client's website. OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) by securiseweb <= 3.0.3 - Auth Bypass
REPORT ID: 5e24314d-1f3e-4c31-b672-5df77ab58b67
The plugin contains an Auth Bypass vulnerability due to a missing capability check in the
You need to log in to view the vulnerability details.