CVE-2025-10752: CWE-352 Cross-Site Request Forgery (CSRF) in cyberlord92 OAuth Single Sign On – SSO (OAuth Client)
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possible for unauthenticated attackers to forge OAuth authorization requests and potentially hijack the OAuth flow via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis
Technical Summary
CVE-2025-10752 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress, developed by cyberlord92. It exists in all versions up to and including 6.26.12. The root cause is a predictable state parameter in the OAuth authorization flow: the plugin uses the base64 encoded application name as the state, with no added randomness or entropy. In OAuth the state parameter exists precisely to prevent CSRF by binding the authorization request to the client session, so that the client accepts a callback only if it carries the value it issued for that session. When the value is predictable, anyone who knows the application name can reproduce it, and the plugin cannot distinguish a forged authorization request or callback from one it initiated itself. An unauthenticated attacker can exploit this by tricking a site administrator into clicking a malicious link that initiates an OAuth flow with a forged state parameter, which can lead to hijacking or manipulation of the OAuth authorization process and potentially to unauthorized access or privilege escalation within the affected WordPress site. No prior authentication is required, but user interaction (clicking the malicious link) is. The CVSS 3.1 base score is 4.3 (medium severity), reflecting limited impact on confidentiality (no direct data disclosure), low impact on integrity (possible manipulation of the OAuth flow) and no impact on availability. No exploits are known in the wild, and no patch had been published at the time of disclosure. The issue underlines the need for proper anti-CSRF protection in OAuth implementations: a cryptographically secure, random state parameter, bound to the user's session and verified when the callback arrives.
Potential Impact
For European organizations using the cyberlord92 OAuth Single Sign On – SSO (OAuth Client) plugin on WordPress, this vulnerability poses a moderate risk. Successful exploitation could allow attackers to hijack OAuth authorization flows, potentially leading to unauthorized access to internal systems or user accounts tied to the OAuth provider. This could result in privilege escalation or unauthorized actions performed under the guise of legitimate administrators. While the vulnerability does not directly expose sensitive data or disrupt service availability, the integrity of authentication processes is compromised, which can undermine trust in identity management and access control. Organizations in sectors with strict regulatory requirements for access control and identity verification, such as finance, healthcare, and government, may face compliance risks if exploited. Additionally, the requirement for user interaction (administrator clicking a malicious link) means that social engineering or phishing campaigns could be used to facilitate attacks. Given the widespread use of WordPress across Europe and the popularity of OAuth SSO solutions, this vulnerability could be leveraged as part of targeted attacks against high-value targets or supply chain attacks involving compromised WordPress sites.
Mitigation Recommendations
To mitigate this vulnerability, organizations should:
1) Update the OAuth Single Sign On – SSO (OAuth Client) plugin to a patched version as soon as one is available that implements a cryptographically secure, random state parameter in the OAuth flow.
2) Until a patch is available, consider disabling the OAuth SSO plugin or restricting its use to trusted administrators only.
3) Implement additional monitoring and alerting for suspicious OAuth authorization requests or unusual login patterns that could indicate exploitation attempts.
4) Educate administrators and users about the risks of clicking unsolicited or suspicious links, especially those that initiate authentication flows.
5) Employ web application firewalls (WAFs) with custom rules to detect and block forged OAuth requests with predictable state parameters.
6) Review and harden OAuth client configurations to ensure best practices are followed, including validating state parameters and enforcing strict session management.
7) Conduct regular security assessments and penetration testing focused on authentication mechanisms to detect similar weaknesses.
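Added example, not code from the plugin or from this advisory: a language-neutral Python sketch of the weak state handling described in the Technical Summary beside the hardened handling that mitigation item 6 asks for (random state, bound to the session, checked once on the callback). The client class, URLs and app name are constructed for the demonstration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

APP_NAME = "example-sso-app"  # constructed value, not the plugin's real app name
CALLBACK = "https://site.example/callback?code=x&state="  # constructed redirect URI

def predictable_state(app_name: str) -> str:
    """Weak pattern from the advisory: base64(app name), the same for every request."""
    return base64.b64encode(app_name.encode()).decode()

def random_state() -> str:
    """Hardened pattern: 256 bits from the OS CSPRNG, fresh for every request."""
    return secrets.token_urlsafe(32)

def state_from_url(url: str) -> str:
    return parse_qs(urlparse(url).query).get("state", [""])[0]

class OAuthClient:
    """Minimal OAuth client: remembers the state issued per session, accepts it once."""
    def __init__(self, state_factory):
        self._state_factory = state_factory
        self._pending = {}  # session_id -> state issued for that session

    def start_authorization(self, session_id: str) -> str:
        state = self._state_factory()
        self._pending[session_id] = state
        return "https://idp.example/authorize?client_id=demo&state=" + state

    def handle_callback(self, session_id: str, callback_url: str) -> bool:
        expected = self._pending.pop(session_id, None)  # consumed: no replay
        if expected is None:
            return False
        return hmac.compare_digest(expected, state_from_url(callback_url))

def accepts_predicted_state(state_factory) -> bool:
    """True if a callback whose state was derived from the app name alone is accepted."""
    client = OAuthClient(state_factory)
    client.start_authorization("admin-session")  # the administrator's own flow
    return client.handle_callback("admin-session", CALLBACK + predictable_state(APP_NAME))

def genuine_flow_accepted(state_factory) -> bool:
    """The state the client itself issued for this session is accepted exactly once."""
    client = OAuthClient(state_factory)
    state = state_from_url(client.start_authorization("s1"))
    first = client.handle_callback("s1", CALLBACK + state)
    replay = client.handle_callback("s1", CALLBACK + state)
    return first and not replay
```

With the base64 factory the predicted state is accepted, which is the CSRF condition; with the random factory only the value issued to that session passes, and only once.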
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-19T20:37:57.485Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68d5f81a9e21be37e939ec67
Added to database: 9/26/2025, 2:19:06 AM
Last enriched: 9/26/2025, 2:34:59 AM
Last updated: 9/26/2025, 4:33:52 AM