Cyberlord92 OAuth Single Sign On SSO vulnerabilities
4 known vulnerabilities affecting cyberlord92/oauth_single_sign_on_sso.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-9485 [CRITICAL] CWE-347 | P2 | CVSS 9.8 | ≤ 6.26.12 | 2025-10-04
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the `get_resource_owner_from_id_token` function. This makes it possible
nvd
CVE-2024-10111 [HIGH] CWE-287 | P3 | CVSS 8.1 | ≤ 6.26.3 | 2024-12-12
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as a
nvd
CVE-2025-10753 [MEDIUM] CWE-862 | P4 | CVSS 5.3 | ≤ 6.26.14 | 2026-02-06
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' option parameter. This makes it possible for unauthentic
nvd
CVE-2025-10752 [MEDIUM] CWE-352 | P4 | CVSS 4.3 | ≤ 6.26.12 | 2025-09-26
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possible for unauthenticated attackers to forge OAuth author
nvd