CVE-2022-3119
Last modified
CVE-2022-3119 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oauth Client Single Sign On Project | Oauth Client Single Sign On | < 3.0.4 |
References
- https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3119?
How severe is CVE-2022-3119?
How do I fix CVE-2022-3119?
Are you affected by CVE-2022-3119?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST