CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
47.5%
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack
Vendor | Product | Version | CPE |
---|---|---|---|
miniorange | oauth_single_sign_on | * | cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:free:wordpress:*:* |
miniorange | oauth_single_sign_on | * | cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:standard:wordpress:*:* |
miniorange | oauth_single_sign_on | * | cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:premium:wordpress:*:* |
miniorange | oauth_single_sign_on | * | cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:enterprise:wordpress:*:* |