CVE-2025-9485 in OAuth Single Sign On Plugin
Summary
by MITRE • 10/04/2025
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the `get_resource_owner_from_id_token` function. This makes it possible for unauthenticated attackers to bypass authentication and gain access to any existing user account - including administrators in certain configurations - or to create arbitrary subscriber-level accounts.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 10/06/2025
The vulnerability identified as CVE-2025-9485 affects the OAuth Single Sign On SSO plugin for WordPress, specifically targeting versions up to and including 6.26.12. This represents a critical security flaw that undermines the fundamental authentication mechanisms of WordPress sites relying on this plugin for single sign-on functionality. The issue stems from inadequate cryptographic signature verification within the plugin's implementation, creating a pathway for malicious actors to exploit the authentication system without proper authorization. The vulnerability is particularly concerning given that OAuth protocols are designed to provide secure authentication and authorization services, making this weakness a significant threat to WordPress installations that depend on external identity providers for user authentication.
The technical flaw manifests in the `get_resource_owner_from_id_token` function where the plugin processes JSON Web Tokens without performing proper cryptographic signature verification. This function is responsible for validating identity tokens issued by OAuth providers, yet it fails to validate the cryptographic integrity of these tokens before accepting them as legitimate authentication credentials. The absence of signature verification means that attackers can craft malicious JWT tokens with forged claims, potentially impersonating legitimate users or creating unauthorized accounts within the WordPress system. This vulnerability directly maps to CWE-347, which addresses the improper verification of cryptographic signatures, and represents a classic example of how inadequate cryptographic validation can lead to complete authentication bypass scenarios.
The operational impact of this vulnerability extends beyond simple unauthorized access, creating a comprehensive threat landscape for affected WordPress installations. Unauthenticated attackers can leverage this weakness to gain access to existing user accounts, including those with administrative privileges when certain configurations are in place, effectively providing them with full control over the affected systems. Additionally, the vulnerability enables attackers to create arbitrary subscriber-level accounts, which can serve as persistent footholds within the WordPress environment or as stepping stones for further attacks. This capability significantly increases the attack surface and potential damage that can be inflicted upon compromised systems, as attackers can establish accounts with varying levels of access based on their objectives and the specific configuration of the targeted WordPress installation.
Organizations and system administrators should immediately implement mitigations to address this vulnerability by updating to the latest version of the OAuth Single Sign On plugin where the cryptographic signature verification has been properly implemented. The recommended approach involves conducting thorough security assessments of all WordPress installations using this plugin to identify and remediate the vulnerability before it can be exploited. Additionally, implementing network-level monitoring and logging of authentication attempts can help detect potential exploitation attempts. The ATT&CK framework categorizes this vulnerability under privilege escalation and credential access techniques, highlighting the need for layered security approaches that include regular security updates, proper access controls, and continuous monitoring of authentication systems to prevent unauthorized access to critical resources.