Lucene search
HistoryMar 20, 2023 - 4:15 p.m.
CVE-2022-4148
wp oauth server
csrf
authorization
wordpress
plugin
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
20.0%
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.
Affected configurations
Node
dash10oauth_serverRange<4.3.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dash10 | oauth_server | * | cpe:2.3:a:dash10:oauth_server:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
2023-02-21 00:00:00
cve
cve
CVE-2022-4148
2023-03-20 16:15:11
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2023-03-20 16:15:00
wpexploit
wpexploit
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
2023-02-21 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
20.0%
Related for NVD:CVE-2022-4148