
CVE-2022-3119: CWE-287 Improper Authentication in Unknown OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )

High
Tags: Vulnerability, CVE-2022-3119, cwe-287, cwe-352
Published: Mon Sep 26 2022 (09/26/2022, 12:35:44 UTC)
Source: CVE
Vendor/Project: Unknown
Product: OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )

Description

The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then be authenticated as admin if they know the correct email address.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 13:10:31 UTC

Technical Analysis

CVE-2022-3119 is a high-severity vulnerability affecting the OAuth client Single Sign On (SSO) plugin for WordPress, specifically versions prior to 3.0.4. The flaw arises from improper authentication and lack of Cross-Site Request Forgery (CSRF) protections when updating the plugin's settings. This deficiency allows unauthenticated attackers to modify critical configuration parameters, including the OAuth endpoints. By redirecting these endpoints to attacker-controlled servers, adversaries can manipulate the OAuth authentication flow. If the attacker knows a valid administrator's email address, they can exploit this to authenticate as that admin user without possessing valid credentials. The vulnerability is categorized under CWE-287 (Improper Authentication) and CWE-352 (Cross-Site Request Forgery). The CVSS v3.1 base score is 7.5, reflecting a network attack vector with no privileges or user interaction required, and a high impact on integrity but no impact on confidentiality or availability. No known exploits are reported in the wild as of the publication date, but the potential for privilege escalation and full administrative control over affected WordPress sites is significant. The plugin’s role in enabling OAuth 2.0 SSO means that compromised sites could be fully controlled by attackers, leading to website defacement, data manipulation, or further pivoting within the hosting environment.

Potential Impact

For European organizations using WordPress with the vulnerable OAuth client SSO plugin, this vulnerability poses a serious risk. Successful exploitation grants attackers administrative access, enabling them to alter website content, inject malicious code, steal sensitive data, or deploy ransomware. Given WordPress's widespread use across European businesses, government portals, and e-commerce platforms, the impact could be extensive. Compromised sites could damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR breaches), and cause operational disruptions. The lack of authentication and CSRF protections means attackers can exploit this remotely without user interaction, increasing the likelihood of automated attacks. Additionally, attackers could use compromised WordPress sites as a foothold to infiltrate internal networks or launch supply chain attacks. The impact is particularly severe for sectors relying heavily on web presence and customer trust, such as finance, healthcare, and public administration.

Mitigation Recommendations

Organizations should immediately verify the version of the OAuth client Single Sign On plugin installed on their WordPress instances and upgrade to version 3.0.4 or later, where this vulnerability is patched. If upgrading is not immediately possible, restrict access to the WordPress admin dashboard and plugin settings via network-level controls such as IP whitelisting or VPN access. Implement Web Application Firewall (WAF) rules to detect and block unauthorized POST requests targeting the plugin’s settings endpoints. Conduct thorough audits of OAuth configuration settings to detect unauthorized changes. Employ monitoring and alerting for unusual login patterns or configuration modifications. Additionally, enforce strong email address verification and consider multi-factor authentication (MFA) for WordPress admin accounts to reduce the risk of account compromise. Regularly review plugin security advisories and maintain a robust patch management process to promptly address emerging vulnerabilities.
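To make the flaw in the Technical Analysis concrete and to show what the patched behaviour must look like, here is an added illustration in WordPress-style PHP; it is not the plugin's own code. The option name `oauth_sso_endpoints`, the action `oauth_sso_save` and the nonce field name are hypothetical placeholders, and the hardened handler relies only on standard WordPress APIs (`current_user_can`, `check_admin_referer`, `esc_url_raw`, `update_option`).

```php
<?php
// Added illustration (not the plugin's own code): a settings-update handler
// for a WordPress plugin, first in the unprotected shape CVE-2022-3119
// describes (no capability check, no nonce), then in the hardened shape.
// Option and action names ('oauth_sso_endpoints', 'oauth_sso_save') are
// hypothetical placeholders, not the real plugin's identifiers.

// --- Vulnerable pattern (CWE-287 + CWE-352): any request that reaches the
// handler can overwrite the OAuth endpoints, so a request crafted by a third
// party can redirect the whole login flow to a server the site owner does
// not control.
function oauth_sso_save_settings_unsafe() {
    update_option( 'oauth_sso_endpoints', array(
        'authorize_url' => $_POST['authorize_url'],
        'token_url'     => $_POST['token_url'],
        'userinfo_url'  => $_POST['userinfo_url'],
    ) );
}

// --- Hardened pattern: require an administrator, verify a nonce bound to
// this action, and sanitise the URLs before storing them.
function oauth_sso_save_settings() {
    // CWE-287 fix: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CWE-352 fix: the request must carry a nonce issued for this action;
    // check_admin_referer() dies with a 403 if it is missing or invalid.
    check_admin_referer( 'oauth_sso_save', 'oauth_sso_nonce' );

    $endpoints = array();
    foreach ( array( 'authorize_url', 'token_url', 'userinfo_url' ) as $key ) {
        $url = isset( $_POST[ $key ] ) ? esc_url_raw( wp_unslash( $_POST[ $key ] ) ) : '';
        // Refuse empty or plain-HTTP endpoints: codes and tokens must not travel in clear.
        if ( '' === $url || 0 !== strpos( $url, 'https://' ) ) {
            wp_die( 'OAuth endpoints must be HTTPS URLs.', '', array( 'response' => 400 ) );
        }
        $endpoints[ $key ] = $url;
    }
    update_option( 'oauth_sso_endpoints', $endpoints );
    wp_safe_redirect( admin_url( 'options-general.php?page=oauth-sso&saved=1' ) );
    exit;
}

// Register only the hardened handler. admin_post_{action} hooks fire for any
// logged-in user regardless of role, which is why the capability check above
// is still required.
add_action( 'admin_post_oauth_sso_save', 'oauth_sso_save_settings' );

// The settings form must emit the matching nonce field, e.g. inside the form:
// wp_nonce_field( 'oauth_sso_save', 'oauth_sso_nonce' );
```

When auditing a site that cannot be upgraded yet, the stored endpoint values (the plugin's equivalent of `oauth_sso_endpoints` in `wp_options`) are the first thing to compare against the identity provider's documented URLs, since a silently rewritten endpoint is the signature of this attack.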


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2022-09-04T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682e280cc4522896dcc6c681

Added to database: 5/21/2025, 7:22:52 PM

Last enriched: 7/7/2025, 1:10:31 PM

Last updated: 7/31/2025, 8:57:59 PM
