Description
WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update plugins's settings. WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) version 3.0.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.4 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:55B83CEE-A8A5-4F9D-A976-A3EED9A558E5
https://plugins.svn.wordpress.org/oauth-client-for-user-authentication/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Nested Pages Cross-Site Scripting (1.6.5.2)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30382)
Sqlite Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19925)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-45038)
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-29087)