Vulnerability Description
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniorange | Oauth Single Sign On | < 6.24.2 |
References
- https://wpscan.com/vulnerability/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7ExploitThird Party Advisory
- https://wpscan.com/vulnerability/5eb85df5-8aab-4f30-a401-f776a310b09cExploitThird Party Advisory
- https://wpscan.com/vulnerability/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31bExploitThird Party Advisory
- https://wpscan.com/vulnerability/f6e165d9-2193-4c76-ae2d-618a739fe4fbExploitThird Party Advisory
- https://wpscan.com/vulnerability/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7ExploitThird Party Advisory
- https://wpscan.com/vulnerability/5eb85df5-8aab-4f30-a401-f776a310b09cExploitThird Party Advisory
- https://wpscan.com/vulnerability/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31bExploitThird Party Advisory
- https://wpscan.com/vulnerability/f6e165d9-2193-4c76-ae2d-618a739fe4fbExploitThird Party Advisory
FAQ
What is CVE-2023-1092?
CVE-2023-1092 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single...
How severe is CVE-2023-1092?
CVE-2023-1092 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1092?
Check the references section above for vendor advisories and patch information. Affected products include: Miniorange Oauth Single Sign On.