
    2 vulnerabilities found for OAuth Single Sign On – SSO (OAuth Client) by Unknown

    CVE-2022-2133 (GCVE-0-2022-2133)

    Vulnerability from nvd – Published: 2022-07-17 10:36 – Updated: 2024-08-03 00:24
    Title
    OAuth Single Sign On < 6.22.6 - Authentication Bypass
    Summary
    The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log in to the site knowing only a user's email address.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
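    Unknown OAuth Single Sign On – SSO (OAuth Client) Affected: versions before 6.22.6 (custom version type). The record's "version" field also reads 6.22.6, but its "lessThan" bound, the title and the summary all limit the affected range to releases earlier than 6.22.6.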
    Credits
    Lana Codes

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.22.6",
                  "status": "affected",
                  "version": "6.22.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lana Codes"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-17T10:36:17.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2133",
              "STATE": "PUBLIC",
              "TITLE": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.22.6",
                                "version_value": "6.22.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lana Codes"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2133",
        "datePublished": "2022-07-17T10:36:17.000Z",
        "dateReserved": "2022-06-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2133 (GCVE-0-2022-2133)

    Vulnerability from cvelistv5 – Published: 2022-07-17 10:36 – Updated: 2024-08-03 00:24
    Title
    OAuth Single Sign On < 6.22.6 - Authentication Bypass
    Summary
    The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log in to the site knowing only a user's email address.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
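    Unknown OAuth Single Sign On – SSO (OAuth Client) Affected: versions before 6.22.6 (custom version type). The record's "version" field also reads 6.22.6, but its "lessThan" bound, the title and the summary all limit the affected range to releases earlier than 6.22.6.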
    Credits
    Lana Codes

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.22.6",
                  "status": "affected",
                  "version": "6.22.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lana Codes"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-17T10:36:17.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2133",
              "STATE": "PUBLIC",
              "TITLE": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.22.6",
                                "version_value": "6.22.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lana Codes"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2133",
        "datePublished": "2022-07-17T10:36:17.000Z",
        "dateReserved": "2022-06-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }