Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access

A critical authentication bypass vulnerability has been disclosed in the widely used miniOrange OAuth Single Sign-On (SSO) WordPress plugin, carrying a near-maximum CVSS score of 9.8. This flaw, tracked as CVE-2026-57807, affects all plugin versions up to and including version 38.5.8. As of now, it remains unpatched, with no official fix available from the vendor. […]

The post Critical WordPress OAuth SSO Plugin Flaw Allows Unauthenticated Attackers to Gain Admin Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Read the original article: