The OAuth Single Sign On Free WordPress plugin prior to 6.24.2, OAuth Single Sign On Standard WordPress plugin prior to 28.4.9, OAuth Single Sign On Premium WordPress plugin prior to 38.4.9, and OAuth Single Sign On Enterprise WordPress plugin prior to 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow malicious users to make logged-in admins delete arbitrary IdPs via a CSRF attack.
Vulnerable Product |
---|
miniorange oauth single sign on |