WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress OAuth client Single Sign On versions prior to 3.0.4 have a cross-site request forgery vulnerability that stems from not authorizing and not doing CSRF checks when updating their settings. unauthenticated attackers can exploit the vulnerability to update them and change the endpoint to an endpoint they control, and if they know the correct email address, they can be authenticated as an administrator.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress oauth client single sign on | lt | 3.0.4 |