Vulnerabilities (CVE)

Filtered by vendor Miniorange Subscribe

Filtered by product Oauth Single Sign On

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-34155	1 Miniorange	1 Oauth Single Sign On	2023-07-27	N/A	8.8 HIGH
Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.
CVE-2022-2133	1 Miniorange	1 Oauth Single Sign On	2022-07-18	5.0 MEDIUM	5.3 MEDIUM
The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.