Vulnerabilities > CVE-2022-2133 - Unspecified vulnerability in Miniorange Oauth Single Sign on

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
miniorange

Summary

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

Vulnerable Configurations

Part Description Count
Application
Miniorange
117