The OAuth Single Sign On WordPress plugin prior to 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow malicious users to make logged in admins delete all IdP via a CSRF attack
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
miniorange oauth single sign on |