Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for OAuth Single Sign On – SSO (OAuth Client) by Unknown
CVE-2022-2133 (GCVE-0-2022-2133)
Vulnerability from nvd – Published: 2022-07-17 10:36 – Updated: 2024-08-03 00:24
VLAI?
Title
OAuth Single Sign On < 6.22.6 - Authentication Bypass
Summary
The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.
Severity ?
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | OAuth Single Sign On – SSO (OAuth Client) |
Affected:
6.22.6 , < 6.22.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.22.6",
"status": "affected",
"version": "6.22.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T10:36:17.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2133",
"STATE": "PUBLIC",
"TITLE": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.22.6",
"version_value": "6.22.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lana Codes"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2133",
"datePublished": "2022-07-17T10:36:17.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2133 (GCVE-0-2022-2133)
Vulnerability from cvelistv5 – Published: 2022-07-17 10:36 – Updated: 2024-08-03 00:24
VLAI?
Title
OAuth Single Sign On < 6.22.6 - Authentication Bypass
Summary
The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.
Severity ?
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | OAuth Single Sign On – SSO (OAuth Client) |
Affected:
6.22.6 , < 6.22.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.22.6",
"status": "affected",
"version": "6.22.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T10:36:17.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2133",
"STATE": "PUBLIC",
"TITLE": "OAuth Single Sign On \u003c 6.22.6 - Authentication Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.22.6",
"version_value": "6.22.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lana Codes"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OAuth Single Sign On WordPress plugin before 6.22.6 doesn\u0027t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user\u0027s email address."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2133",
"datePublished": "2022-07-17T10:36:17.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}