CVE | CVE-2022-3119 |
CVE Title | |
Published Date | 2022-09-26T13:15Z |
Modified Date | 2022-09-28T16:28Z |
CWE Type | CWE-287 |
CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Description | The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5 |
Reference Description | MISC https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5 |
Reference Description | |
Tags | Exploit Third Party Advisory |
Sources | NIST MITRE |