OAuth Single Sign On – SSO (OAuth Client)

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' option parameter. This makes it possible for unauthenticated attackers to set the global redirect URL option via the redirect_url parameter granted they can access the site directly.

Basic Information

ID CVE-2025-10753

Source Wordfence

Published Feb 6, 2026 at 06:46

Affected Product

Vendor cyberlord92

Product OAuth Single Sign On – SSO (OAuth Client)

Version *

Affected Versions cyberlord92 OAuth Single Sign On – SSO (OAuth Client) *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' option parameter. This makes it possible for unauthenticated attackers to set the global redirect URL option via the redirect_url parameter granted they can access the site directly.",
    "published": "2026-02-06T06:46:30.162Z",
    "modified": "2026-02-06T06:46:30.162Z",
    "type": "cve",
    "title": "OAuth Single Sign On \u2013 SSO (OAuth Client) <= 6.26.14 - Missing Authorization",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/915e1a6e-ad9c-4849-8ae0-3ded18720a1f?source=cve\nhttps://plugins.trac.wordpress.org/browser/miniorange-login-with-eve-online-google-facebook/tags/6.26.12/class-mooauth-widget.php#L260\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399223%40miniorange-login-with-eve-online-google-facebook&new=3399223%40miniorange-login-with-eve-online-google-facebook&sfp_email=&sfph_mail=",
    "id": "CVE-2025-10753",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "cyberlord92 OAuth Single Sign On \u2013 SSO (OAuth Client) *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OAuth Single Sign On \u2013 SSO (OAuth Client)",
    "version": "*",
    "vendor": "cyberlord92",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization_CVE-2025-10753