WordPress · The Simple Single Sign On · CVE-2022-2083
**Name of the Vulnerable Software and Affected Versions**
The Simple Single Sign On WordPress plugin versions through 4.1.0
**Description**
The plugin leaks the site's OAuth `client secret`, which allows attackers to gain unauthorized access to the site. That access could in turn be used for further malicious activity.
**Recommendations**
Update The Simple Single Sign On WordPress plugin to a version later than 4.1.0 to prevent the leak of the OAuth `client secret`. As a temporary workaround, consider restricting access to the OAuth functionality until a patch is available.