PT-2026-6677 · WordPress · Oauth Single Sign On – Sso
Published: 2026-02-06 · Updated: 2026-02-06
CVE-2025-10753
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress versions prior to 6.26.15
Description
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is susceptible to unauthorized access. This is caused by missing capability checks and authentication verification within the OAuth redirect functionality, which is reachable through the 'oauthredirect' option parameter. An unauthenticated attacker can set the global redirect URL option via the redirect url parameter if they have direct access to the site.
Recommendations
Update the OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress to version 6.26.15 or later.
Fix
Missing Authorization
Affected Products
Oauth Single Sign On – Sso