CVE-2022-2133

Summary

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

Affected Software

VendorProductVersion RangeStatus
UnknownOAuth Single Sign On – SSO (OAuth Client)6.22.6 < 6.22.6affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References