EPSS
Percentile
47.5%
The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack
https://example.com/wp-admin/admin.php?page=mo_oauth_settings&tab;=config&action;=delete&app;=wordpress