The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-07-17T10:36:17

Updated: 2024-08-03T00:24:44.224Z

Reserved: 2022-06-20T00:00:00

Link: CVE-2022-2133

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-07-17T11:15:08.837

Modified: 2024-11-21T07:00:23.840

Link: CVE-2022-2133

cve-icon Redhat

No data.