Vulnerability CVE-2022-3894
Published: 2023-03-20
Description:
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have a CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged-in admin delete arbitrary clients and posts via a CSRF attack.
Type:
CWE-352 (Cross-Site Request Forgery (CSRF))
References:
https://wpscan.com/vulnerability/298487b2-4141-4c9f-9bb2-e1450aefc1a8
Copyright 2024, cxsecurity.com