CVE-2022-2133
Summary
| CVE | CVE-2022-2133 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-17 11:15:00 UTC |
| Updated | 2022-07-18 11:23:00 UTC |
| Description | The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Miniorange | Oauth Single Sign On | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Attention Required! | Cloudflare | MISC | wpscan.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Lana Codes
There are currently no legacy QID mappings associated with this CVE.