CVE-2022-3119 – OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass

https://notcve.org/view.php?id=CVE-2022-3119

The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address El cliente OAuth Single Sign On plugin de WordPress versiones anteriores a 3.0.4, no presenta autorización y de tipo CSRF cuando es actualizada su configuración, lo que podría permitir a atacantes no autenticados actualizarlos y cambiar los endpoints OAuth a los que ellos controlan, permitiéndoles entonces ser autenticados como admin si conocen la dirección de correo electrónico correcta The OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_oauthclient_config() function that is hooked via 'init' in versions up to, and including, 3.0.3. This makes it possible for unauthenticated attackers to modify the plugin's oAuth settings which could lead to unauthorized and high privileged access to a vulnerable site. • https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •