CVE-2025-10752
📋 TL;DR
This CSRF vulnerability in the OAuth Single Sign On plugin for WordPress allows attackers to forge OAuth authorization requests by exploiting predictable state parameters. Attackers can potentially hijack OAuth flows if they trick administrators into clicking malicious links. All WordPress sites using this plugin up to version 6.26.12 are affected.
💻 Affected Systems
- OAuth Single Sign On – SSO (OAuth Client) WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could hijack OAuth authorization flows, potentially gaining unauthorized access to administrator accounts or sensitive OAuth-connected services.
Likely Case
Attackers could perform unauthorized OAuth authorizations, potentially linking attacker-controlled accounts to legitimate user accounts.
If Mitigated
With proper CSRF protections and user awareness, exploitation requires significant social engineering and may be detected by monitoring unusual OAuth activities.
🎯 Exploit Status
Exploitation requires social engineering to trick administrators into clicking malicious links, but the technical vulnerability is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 6.26.12
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'OAuth Single Sign On – SSO (OAuth Client)'. 4. Click 'Update Now' if available, or manually update to latest version. 5. Verify plugin is updated to version after 6.26.12.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
WordPressDisable the vulnerable plugin until patched
wp plugin deactivate miniorange-login-with-eve-online-google-facebook
🧯 If You Can't Patch
- Implement web application firewall rules to block suspicious OAuth state parameters
- Educate administrators about phishing risks and implement strict link verification procedures
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → OAuth Single Sign On plugin version. If version is 6.26.12 or lower, you are vulnerable.Check Version:
wp plugin get miniorange-login-with-eve-online-google-facebook --field=versionVerify Fix Applied:
Verify plugin version is higher than 6.26.12 in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Multiple failed OAuth authorization attempts
- OAuth requests with unusual state parameters
- OAuth flows from unexpected IP addresses
Network Indicators:
- Unusual OAuth callback patterns
- Requests with predictable base64-encoded state parameters
SIEM Query:
source="wordpress" AND (event="oauth_authorization" OR event="plugin_activity") AND plugin="miniorange-login-with-eve-online-google-facebook" AND version<="6.26.12"🔗 References
- https://plugins.trac.wordpress.org/browser/miniorange-login-with-eve-online-google-facebook/tags/6.26.12/class-mooauth-widget.php#L285
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3360768%40miniorange-login-with-eve-online-google-facebook&new=3360768%40miniorange-login-with-eve-online-google-facebook&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e8d7e8f3-e8ff-460f-a343-807bcdb865dc?source=cve
