Description
WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update plugins's settings. WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) version 3.0.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.4 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:55B83CEE-A8A5-4F9D-A976-A3EED9A558E5
https://plugins.svn.wordpress.org/oauth-client-for-user-authentication/trunk/readme.txt
Related Vulnerabilities
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3481)
NuSOAP Improper Certificate Validation Vulnerability (CVE-2012-6071)
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.68)