The OAuth Single Sign On WordPress plugin prior to 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows malicious users to log onto the site with the only knowledge of a user's email address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
miniorange oauth single sign on |