cleantalk
Vulnerabilities and Security Researches

OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ), CVE-2022-3119

CVE, Research URL

CVE-2022-3119

Home page URL

Security reports for OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )

Application

OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )

Published on
Sep 26, 2022
Research Description
The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address
Affected versions
max 3.0.4.
Status
vulnerable
Previous vulnerability researches
OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) (ebc129d7855446f1b4ea794ee62482115be97075) , Jun 16, 2026
OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) (CVE-2022-3119) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026