Description
WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) is prone to multiple cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) version 6.24.1 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 6.24.2 or the latest version.
References
https://sploitus.com/exploit?id=WPEX-ID:8FBF7EFE-0BF2-42C6-AEF1-7FCF2708B31B
https://sploitus.com/exploit?id=WPEX-ID:1E13B9EA-A3EF-483B-B967-6EC14BD6D54D
https://plugins.svn.wordpress.org/miniorange-login-with-eve-online-google-facebook/trunk/readme.txt