WP OAuth Server by Justin Greer <= 4.2.3 - Arbitrary Post Deletion via CSRF
LANACOMMONVDB ID: 260c6c27-3b96-4938-92d2-7c879f879fd6
The plugin does not have Cross-Site Request Forgery (CSRF) check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a Cross-Site Request Forgery (CSRF) attack.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-11-07
- Published
- 2023-02-21
- Affected Version
- <= 4.2.3
Classification
- Type
- Cross-Site Request Forgery (CSRF)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
