CVE Vulnerabilities

CVE-2022-2133

Improper Authentication

Published: Jul 17, 2022 | Modified: Jul 18, 2022
CVSS 3.x: 5.3 MEDIUM
Source: NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site knowing only a user's email address.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name | Vendor | Start Version | End Version
Oauth_single_sign_on | Miniorange | * | *
