OAuth Client by DigitialPixies

OAuth Client by DigitialPixies <= 1.1.0 - CSRF

LANACOMMONVDB ID: dae7a7ae-9627-4644-ac2f-eb6e18822571

The plugin does not have Cross-Site Request Forgery (CSRF) check in some places, which could allow attackers to make logged-in users perform unwanted actions.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/dpt-oauth-client/

CVE: CVE-2022-3632

Attributes

Catgory: WordPress Plugin

Discovered: 2022-10-10

Published: 2022-10-21

Affected Version: <= 1.1.0

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).