WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication
CVE-2022-34155

8.8HIGH

Key Information:

Vendor: WordPress
Status: Oauth Single Sign On – Sso (oauth Client)
Vendor: CVE Published:; 18 July 2023

Summary

The miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin contains an improper authentication vulnerability that allows unauthorized access due to a failure in the authentication process. This flaw permits attackers to bypass the intended authentication measures, potentially exposing sensitive information and compromising the security of the affected WordPress installations. Users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3

References

https://patchstack.com/database/vulnerability/miniorange-...

vdb-entry

https://lana.codes/lanavdb/071fa6eb-2e54-43a1-b37f-1e5629...

third-party-advisorytechnical-description

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Jun 30, 2022

Credit

Lana Codes (Patchstack Alliance)