CVE-2022-2133
N/A
N/A
Summary
The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | OAuth Single Sign On – SSO (OAuth Client) | 6.22.6 < 6.22.6 | affected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.