CVE-2022-3119

Name of the Vulnerable Software and Affected Versions OAuth client Single Sign On WordPress plugin versions prior to 3.0.4

Description The issue concerns a lack of authorization and CSRF protection when updating settings in the OAuth client Single Sign On WordPress plugin. This could allow unauthenticated attackers to update the settings, change the OAuth endpoints to ones they control, and potentially authenticate as an admin if they know the correct email address.

Recommendations For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation.