exploitDog

CVE-2022-3894

Опубликовано: 20 мар. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.

Ссылки

https://wpscan.com/vulnerability/298487b2-4141-4c9f-9bb2-e1450aefc1a8
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/298487b2-4141-4c9f-9bb2-e1450aefc1a8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dash10:oauth_server:*:*:*:*:*:wordpress:*:*

Версия до 4.2.5 (исключая)

EPSS

Процентиль: 25%

0.00085

Низкий

4.3 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-r88p-4gjh-7prw

CVSS3: 4.3

github

почти 3 года назад

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.

EPSS

Процентиль: 25%

0.00085

Низкий

4.3 Medium

CVSS3

Дефекты