Description
WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update plugins's settings. WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) version 3.0.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.4 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:55B83CEE-A8A5-4F9D-A976-A3EED9A558E5
https://plugins.svn.wordpress.org/oauth-client-for-user-authentication/trunk/readme.txt
Related Vulnerabilities
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3348)
WordPress Plugin WP Smart Import: Import any XML File to WordPress Cross-Site Scripting (1.0.2)
WordPress Plugin Shortcode for Font Awesome Cross-Site Scripting (1.4)