The plugin contains an Auth Bypass vulnerability due to a missing capability check in the oauthconfig action, which makes it possible for unauthenticated attackers to update the OAuth endpoints, which leads to authentication bypass. To bypass authentication, the attacker only needs to know the user's email address. Depending on the obtained email address, the attacker may even get an administrator role on the client's website.