cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10111,https://securityvulnerability.io/vulnerability/CVE-2024-10111,Authentication Bypass Vulnerability Affects WordPress Sites Using OAuth Client Plugin,"The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to an authentication bypass due to inadequate verification of the user returning from a social login token. This vulnerability affects all versions up to and including 6.26.3. Consequently, unauthenticated attackers can gain unauthorized access, logging in as any existing user on the platform, which potentially includes roles with administrative privileges. The flaw arises when the plugin does not properly validate users who authenticate through various social platforms, allowing access to accounts even if the attacker does not possess legitimate authentication credentials.",Wordpress,Oauth Single Sign On – Sso (oauth Client),8.1,HIGH,0.000910000002477318,false,,false,false,false,,false,false,2024-12-12T03:23:10.001Z,0
CVE-2022-3119,https://securityvulnerability.io/vulnerability/CVE-2022-3119,OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass,"The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then be authenticated as admin if they know the correct email address",Wordpress,Oauth Client Single Sign On For WordPress ( Oauth 2.0 Sso ),7.5,HIGH,0.0009699999936856329,false,,false,false,false,,false,false,2022-09-26T12:35:44.000Z,0
CVE-2022-2133,https://securityvulnerability.io/vulnerability/CVE-2022-2133,OAuth Single Sign On < 6.22.6 - Authentication Bypass,"The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.",Wordpress,Oauth Single Sign On – Sso (oauth Client),5.3,MEDIUM,0.0007699999841861427,false,,false,false,false,,false,false,2022-07-17T10:36:17.000Z,0