exploitDog

CVE-2022-2133

Опубликовано: 17 июл. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

Ссылки

https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:*:wordpress:*:*

Версия до 6.22.6 (исключая)

EPSS

Процентиль: 48%

0.00254

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-c6gx-cr5g-7jhp

CVSS3: 5.3

github

больше 3 лет назад

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

EPSS

Процентиль: 48%

0.00254

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287