exploitDog

CVE-2022-3119

Опубликовано: 26 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address

Ссылки

https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oauth_client_single_sign_on_project:oauth_client_single_sign_on:*:*:*:*:*:wordpress:*:*

Версия до 3.0.4 (исключая)

EPSS

Процентиль: 36%

0.00154

Низкий

7.5 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-wh77-xq95-gvgr

CVSS3: 7.5

github

больше 3 лет назад

The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address

EPSS

Процентиль: 36%

0.00154

Низкий

7.5 High

CVSS3

Дефекты

CWE-287