ByteOS Network

CVE Vulnerability Details :

CVE-2026-7617

PUBLISHED

More Info Official Page

Assigner-Wordfence

Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599

Published At-24 Jun, 2026 | 05:33

Updated At-24 Jun, 2026 | 05:33

▼CVE Numbering Authority (CNA)

Secufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX Action

The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress site from its linked Secufor account by clearing the plugin's stored login token and user login configuration.

Affected Products

Vendor

secufor

Product

Secufor_OAuth

Default Status

unaffected

Versions

Affected

From 0 through 1.0.7 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-862	CWE-862 Missing Authorization

Type: CWE

CWE ID: CWE-862

Description: CWE-862 Missing Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Credits

finder

SHIVAM KUMAR

Timeline

Event	Date
Disclosed	2026-06-23 16:37:57

Event: Disclosed

Date: 2026-06-23 16:37:57

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/61293c20-cabe-412d-94d1-1d0326d35a46?source=cve	N/A
https://plugins.trac.wordpress.org/browser/wpoauth/trunk/secuforoauth_login.php#L212	N/A
https://plugins.trac.wordpress.org/browser/wpoauth/tags/1.0.7/secuforoauth_login.php#L212	N/A
https://plugins.trac.wordpress.org/browser/wpoauth/trunk/secuforoauth_login.php#L220	N/A
https://plugins.trac.wordpress.org/browser/wpoauth/tags/1.0.7/secuforoauth_login.php#L220	N/A