Vulnerabilities > CVE-2023-1092 - Unspecified vulnerability in Miniorange Oauth Single Sign on

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

miniorange

NVD

Published: 2023-03-27

Updated: 2023-11-07

Summary

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack

Vulnerable Configurations

Part	Description	Count
Application	Miniorange Miniorange Oauth Single Sign ON -	4

References

https://wpscan.com/vulnerability/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7
https://wpscan.com/vulnerability/5eb85df5-8aab-4f30-a401-f776a310b09c
https://wpscan.com/vulnerability/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31b
https://wpscan.com/vulnerability/f6e165d9-2193-4c76-ae2d-618a739fe4fb