exploitDog

CVE-2022-3926

Опубликовано: 05 дек. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID

Ссылки

https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-oauth:wp_oauth_server:*:*:*:*:*:wordpress:*:*

Версия до 3.4.2 (исключая)

EPSS

Процентиль: 22%

0.00074

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-crph-m3vh-q24g

CVSS3: 6.5

github

около 3 лет назад

The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID

EPSS

Процентиль: 22%

0.00074

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352