WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication
CVE-2022-34155
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 18 July 2023
What is CVE-2022-34155?
The miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin contains an improper authentication vulnerability that allows unauthorized access due to a failure in the authentication process. This flaw permits attackers to bypass the intended authentication measures, potentially exposing sensitive information and compromising the security of the affected WordPress installations. Users are encouraged to update to the latest version to mitigate this risk.
Affected Version(s)
OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3