Vulnerabilities and security researches foroauth-client-for-user-authentication oauth-client-for-user-authentication

Jun 07, 2024

CVE, Research URL: CVE-2022-3119
Home page URL: Security reports for OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )
Application: OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )
Date: Sep 26, 2022
Research Description: The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address
Affected versions: max 3.0.4.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: ebc129d7855446f1b4ea794ee62482115be97075
Home page URL: Security reports for OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )
Application: OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )
Date: May 03, 2022
Research Description: OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) [oauth-client-for-user-authentication] < 3.0.2 OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.1 - Cross-Site Scripting The OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) plugin for WordPress is vulnerable to Cross-Site Scripting via the $key variable in versions up to, and including 3.0.1.
Affected versions: max 3.0.2.
Status: vulnerable