Site icon API Security Blog

OAuth Single Sign On < 6.22.6 – Authentication Bypass

The plugin doesn’t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user’s email address.

### PoC

The PoC will be displayed on July 11, 2022, to give users the time to update.Read More

Exit mobile version