The OAuth Single Sign On plugin for WordPress is not secure in versions up to 6.24.1. This means that someone without permission could make changes to the plugin’s settings if they are able to trick a site administrator into clicking a link. The problem is caused by incorrect validation in the ‘delete’ option of the mooauth_client_applist_page function.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
