
WordPress OAuth SSO Plugin Flaw Lets Unauthenticated Attackers Gain Admin Access
A critical security flaw in the miniOrange OAuth Single Sign-On (OAuth Client) plugin for WordPress could expose thousands of websites to a complete takeover. Patchstack disclosed the vulnerability on July 9, 2026, warning that it affects all plugin versions up to and including 38.5.8 and that no official patch is currently available. The flaw is […]
The post WordPress OAuth SSO Plugin Flaw Lets Unauthenticated Attackers Gain Admin Access appeared first on Cyber Security News.