WP OAuth Server by Justin Greer <= 3.4.1 - Client Secret Regeneration via CSRF
LANACOMMONVDB ID: ca7d2c22-e74d-4584-8a14-204e54b34b71
The plugin does not have Cross-Site Request Forgery (CSRF) check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client id.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-11-08
- Published
- 2022-11-10
- Affected Version
- <= 3.4.1
Classification
- Type
- Cross-Site Request Forgery (CSRF)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
