CVE-2022-3926

The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID
Configurations

Configuration 1 (hide)

cpe:2.3:a:wp-oauth:wp_oauth_server:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:20

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-05 17:15

Updated : 2024-11-21 07:20


NVD link : CVE-2022-3926

Mitre link : CVE-2022-3926

CVE.ORG link : CVE-2022-3926


JSON object : View

Products Affected

wp-oauth

  • wp_oauth_server
CWE
CWE-352

Cross-Site Request Forgery (CSRF)