CVE-2022-3119 – The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation …

26 September 2022

Vuln ID: CVE-2022-3119

Published: 2022-09-26 13:15:11Z

Description: The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address

Source: NVD.NIST.GOV

Date:

26 September 2022

Categorie(s):

NVD

Tag(s):

NVD

Top 5 MSP Cyberattacks in 2023/202426 April 2024
Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim26 April 2024
Most people still rely on memory or pen and paper for password management26 April 2024
LSA Whisperer: Open-source tools for interacting with authentication packages26 April 2024
What AI can tell organizations about their M&A risk26 April 2024