The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-05 17:15
Updated : 2024-11-21 07:20
NVD link : CVE-2022-3926
Mitre link : CVE-2022-3926
CVE.ORG link : CVE-2022-3926
JSON object : View
Products Affected
wp-oauth
- wp_oauth_server
CWE
CWE-352
Cross-Site Request Forgery (CSRF)