[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUulc3sQWa9CCH3E0EsWoMiV0y4kPEi74bA5VpgcXlzw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-3119","oauth-client-single-sign-on-for-wordpress-oauth-sso-missing-authorization","OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) \u003C= 3.0.3 - Missing Authorization","The OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_oauthclient_config() function that is hooked via 'init' in versions up to, and including, 3.0.3. This makes it possible for unauthenticated attackers to modify the plugin's oAuth settings which could lead to unauthorized and high privileged access to a vulnerable site.","oauth-client-for-user-authentication",null,"\u003C=3.0.3","3.0.4","high",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Missing Authorization","2022-08-23 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb028a70d-f103-4232-b854-17b88d4dc7d9?source=api-prod",518]