Lucene search

[email protected]NVD:CVE-2023-1093

HistoryMar 27, 2023 - 4:15 p.m.

CVE-2023-1093

2023-03-2716:15:09

[email protected]

web.nvd.nist.gov

oauth

single sign on

csrf

wordpress

identify providers

cve-2023-1093

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

33.2%

JSON

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack

Affected configurations

Nvd

Node

miniorangeoauth_single_sign_onRange<6.24.2wordpress

VendorProductVersionCPE
miniorangeoauth_single_sign_on*cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
miniorange	oauth_single_sign_on	*	cpe:2.3:a:miniorange:oauth_single_sign_on::::::wordpress::*

References

wpscan.com/vulnerability/1e13b9ea-a3ef-483b-b967-6ec14bd6d54d

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

33.2%

JSON

Related for NVD:CVE-2023-1093

cve1 cvelist1 wpvulndb1 prion1 wpexploit1