CVE-2025-10753
📋 TL;DR
The OAuth Single Sign On plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to modify the global OAuth redirect URL. This affects all WordPress sites using vulnerable versions of the plugin, potentially enabling attackers to redirect legitimate OAuth authentication flows to malicious destinations.
💻 Affected Systems
- OAuth Single Sign On – SSO (OAuth Client) WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect all OAuth authentication flows to phishing sites, capturing user credentials and potentially gaining administrative access to the WordPress site.
Likely Case
Attackers modify the redirect URL to capture OAuth tokens or credentials, leading to account compromise and unauthorized access.
If Mitigated
With proper monitoring and access controls, the impact is limited to potential service disruption until the redirect is corrected.
🎯 Exploit Status
Exploitation requires direct access to the WordPress site but no authentication. The vulnerability is simple to exploit with basic HTTP requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.26.15 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find 'OAuth Single Sign On – SSO (OAuth Client)'.
4. Click 'Update Now' if available.
5. If no update is offered, download version 6.26.15 or later from WordPress.org and update the plugin manually.
🔧 Temporary Workarounds
Disable the vulnerable endpoint via .htaccess (Linux/Apache). The rules below return 403 Forbidden for any request whose query string contains the vulnerable oauthredirect parameter:

```apache
RewriteEngine On
# Block any request whose query string contains "oauthredirect" (case-insensitive)
RewriteCond %{QUERY_STRING} oauthredirect [NC]
RewriteRule ^ - [F,L]
```
🧯 If You Can't Patch
- Disable the OAuth Single Sign On plugin immediately
- Implement WAF rules to block requests containing 'oauthredirect' parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > OAuth Single Sign On – SSO (OAuth Client) version number
Check Version:
wp plugin list --name=miniorange-login-with-eve-online-google-facebook --field=version
Verify Fix Applied:
Verify plugin version is 6.26.15 or higher and test OAuth functionality works correctly
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'oauthredirect' parameter with 'redirect_url' modification
- Unusual OAuth redirect patterns in authentication logs
Network Indicators:
- POST/GET requests to WordPress with oauthredirect parameter
- Unexpected redirects during OAuth authentication flows
SIEM Query:
web_access_logs WHERE url_query CONTAINS 'oauthredirect' AND url_query CONTAINS 'redirect_url'
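As an added example (not part of the original advisory), the following Python scanner applies the log indicators above to web access-log lines: it flags requests whose query string contains oauthredirect and raises the severity when a redirect_url is supplied, highest when that URL points outside the site. The log lines, the query-parameter layout and the TRUSTED_HOSTS set are constructed assumptions; adjust them to your deployment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Sep/2025:10:01:02 +0000] "GET /?option=oauthredirect&app_name=example HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Sep/2025:10:02:15 +0000] "POST /?option=oauthredirect&redirect_url=https%3A%2F%2Fexternal.example%2Fcb HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [12/Sep/2025:10:03:44 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Hosts that may legitimately appear in redirect_url for this site (assumed; set per deployment).
TRUSTED_HOSTS = {"wp.example.org"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["raw_query"] = urlsplit(rec["target"]).query
    rec["query"] = parse_qs(rec["raw_query"], keep_blank_values=True)
    return rec

def classify(rec):
    """Return 'info', 'medium' or 'high' for a request of interest, else None."""
    if "oauthredirect" not in rec["raw_query"].lower():
        return None                       # not an OAuth redirect request at all
    if "redirect_url" not in rec["query"]:
        return "info"                     # plugin flow without a redirect_url change
    host = urlsplit(rec["query"]["redirect_url"][0]).hostname or ""
    # A redirect_url modification is the CVE's key indicator; off-site targets are worst.
    return "medium" if host in TRUSTED_HOSTS else "high"

def scan(log_text):
    """Return (severity, client_ip, method, target) for every request worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sev = classify(rec)
        if sev:
            findings.append((sev, rec["ip"], rec["method"], rec["target"]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```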
🔗 References
- https://plugins.trac.wordpress.org/browser/miniorange-login-with-eve-online-google-facebook/tags/6.26.12/class-mooauth-widget.php#L260
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399223%40miniorange-login-with-eve-online-google-facebook&new=3399223%40miniorange-login-with-eve-online-google-facebook&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/915e1a6e-ad9c-4849-8ae0-3ded18720a1f?source=cve