Lucene search
Nguyen Thuc TuyenWPEX-ID:F6E165D9-2193-4C76-AE2D-618A739FE4FBHistoryFeb 28, 2023 - 12:00 a.m.
OAuth Single Sign On - SSO (OAuth Client) Enterprise < 48.4.9 - IdP Deletion via CSRF
2023-02-2800:00:00
Nguyen Thuc Tuyen
85
oauth
single sign on
sso
idp
deletion
csrf
exploit
enterprise
wordpress
security settings
EPSS
0.001
Percentile
47.5%
The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack
https://example.com/wp-admin/admin.php?page=mo_oauth_settings&tab=config&action=delete&app=wordpressRelated
prion
prion
Cross site request forgery (csrf)
2023-03-27 16:15:00
wpexploit
wpexploit
wpvulndb
wpvulndb
cvelist
cvelist
nvd
nvd
CVE-2023-1092
2023-03-27 16:15:09
cve
cve
CVE-2023-1092
2023-03-27 16:15:09
wordfence
wordfence