CVE-2023-1093

6.5 MEDIUM

📋 TL;DR

This vulnerability in the OAuth Single Sign On WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against logged-in administrators, tricking them into deleting all configured Identity Providers (IdPs) without their consent. It affects WordPress sites using the plugin before version 6.24.2. The attack requires the admin to be lured to a malicious webpage while authenticated to the WordPress dashboard.

💻 Affected Systems

Products:
  • OAuth Single Sign On WordPress plugin
Versions: Versions before 6.24.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is present in default configurations of the plugin; no special settings are required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could delete all configured Identity Providers, disrupting single sign-on functionality and potentially locking users out of the WordPress site, leading to service downtime and administrative overhead to restore configurations.

🟠 Likely Case

Attackers exploit this to delete IdP configurations, causing temporary authentication issues and requiring manual reconfiguration by administrators, which may result in minor service disruption.

🟢 If Mitigated

With proper CSRF protections or patching, the vulnerability is eliminated, preventing unauthorized deletions and ensuring IdP configurations remain intact.

🌐 Internet-Facing: HIGH, as WordPress sites are typically internet-facing, and CSRF attacks can be launched remotely via malicious links or websites, making exploitation straightforward if administrators are targeted.
🏢 Internal Only: LOW, as exploitation still requires an authenticated admin to be lured to attacker-controlled content; on a site reachable only from an internal network that needs an insider or a phishing vector, but it remains possible if an admin is tricked.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated admin to interact with a malicious CSRF payload, but the attack itself is simple to execute with basic web knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.24.2

Vendor Advisory: https://wpscan.com/vulnerability/1e13b9ea-a3ef-483b-b967-6ec14bd6d54d

Restart Required: No

Instructions:

1. Log into the WordPress admin dashboard.
2. Navigate to Plugins > Installed Plugins.
3. Find 'OAuth Single Sign On' and update to version 6.24.2 or later.
4. Verify the update completes successfully.

🔧 Temporary Workarounds

Temporary CSRF Protection (applies to: all affected versions)

Implement custom CSRF tokens (WordPress nonces) around the IdP deletion action, or disable the vulnerable functionality until patching.

No direct commands; requires code modification or plugin deactivation.
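As an added illustration of the nonce-based protection described above (example code, not the plugin's own): a hypothetical "delete all IdPs" admin action shown in its unprotected form and then hardened with the standard WordPress CSRF defence. The option name, form action name and hook names are placeholders.

```php
<?php
// Added example, not the plugin's own code. The option 'example_idp_list',
// the action 'example_delete_all_idp' and the page slug are placeholders.

// --- Vulnerable pattern: no nonce, no capability check. Any admin whose
// --- browser is made to POST here (e.g. by an auto-submitting cross-site
// --- form) deletes every configured Identity Provider.
function example_delete_all_idp_unsafe() {
    delete_option( 'example_idp_list' );
    wp_safe_redirect( admin_url( 'admin.php?page=example-sso' ) );
    exit;
}

// --- Hardened version: the form carries a nonce bound to this user and
// --- action, and the handler refuses requests that lack a valid one.
function example_render_delete_all_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_delete_all_idp">
        <?php wp_nonce_field( 'example_delete_all_idp', '_example_nonce' ); ?>
        <?php submit_button( 'Delete all Identity Providers', 'delete' ); ?>
    </form>
    <?php
}

function example_delete_all_idp_safe() {
    // Only users allowed to manage options may reach this code path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // check_admin_referer() validates the nonce for this action and user;
    // a missing or forged nonce stops execution with an "expired link" page.
    // A form on an attacker's site cannot obtain a valid nonce for the victim.
    check_admin_referer( 'example_delete_all_idp', '_example_nonce' );

    delete_option( 'example_idp_list' );
    wp_safe_redirect( add_query_arg( 'idp_deleted', '1', admin_url( 'admin.php?page=example-sso' ) ) );
    exit;
}
add_action( 'admin_post_example_delete_all_idp', 'example_delete_all_idp_safe' );
```

The same two checks (capability plus nonce) are what the patched plugin version is expected to enforce on its own deletion endpoint; the form must be regenerated per admin session so the nonce matches.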

🧯 If You Can't Patch

  • Restrict admin access to trusted networks only to reduce exposure to CSRF attacks.
  • Monitor and audit logs for unauthorized deletion of Identity Providers to detect potential exploitation.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins; if version is below 6.24.2, it is vulnerable.

Check Version:

In WordPress, use: wp plugin list --name='OAuth Single Sign On' --field=version (requires WP-CLI)

Verify Fix Applied:

After updating, confirm the plugin version is 6.24.2 or higher in the same location.

📡 Detection & Monitoring

Log Indicators:

  • Look for logs showing deletion of Identity Providers without admin intent, such as unexpected POST requests to plugin endpoints.

Network Indicators:

  • Monitor requests to the plugin's IdP deletion endpoint that carry an external Referer or Origin header, or that arrive from an admin session without the expected admin-page referrer; a CSRF-triggered request originates from the attacker's page, not from the WordPress dashboard.

SIEM Query:

Example: source="wordpress_logs" AND action="delete_idp" AND user="admin"
