Description
WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update plugins's settings. WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) version 3.0.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.4 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:55B83CEE-A8A5-4F9D-A976-A3EED9A558E5
https://plugins.svn.wordpress.org/oauth-client-for-user-authentication/trunk/readme.txt
Related Vulnerabilities
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8657)
CKEditor Uncontrolled Resource Consumption Vulnerability (CVE-2021-21254)
Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-26072)
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4289)