OAuth Single Sign On - SSO (OAuth Client) Enterprise < 48.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack

PoC

https://example.com/wp-admin/admin.php?page=mo_oauth_settings&amp;tab;=config&amp;action;=delete&amp;app;=wordpress