Oauth Single Sign On

oauth_single_sign_on

Vendor: Miniorange • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-34155 1Miniorange 1Oauth Single Sign On Apr 28, 2026 Jul 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.
CVE-2023-1093 1Miniorange 1Oauth Single Sign On Feb 19, 2025 Mar 27, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack
CVE-2023-1092 1Miniorange 1Oauth Single Sign On Feb 19, 2025 Mar 27, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise...Show more The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attackShow less
CVE-2022-2133 1Miniorange 1Oauth Single Sign On Nov 21, 2024 Jul 17, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.