CVE-2022-34858 – WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability

https://notcve.org/view.php?id=CVE-2022-34858

23 Jun 2022 — Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. Una vulnerabilidad de elusión de autenticación en el cliente miniOrange Oauth versión 2.0 para el plugin SSO versiones anteriores a 1.11.3 incluyéndola, en WordPress. The OAuth 2.0 client for SSO plugin for WordPress is vulnerable to authentication bypass in versions up to, and including 1.11.3. This is due to the plugin accepting a user supplied email address that is passed to wp_set_auth_cookie() with... • https://lana.codes/lanavdb/df23b19f-4134-41d3-8cb3-9d44189b461b?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •