China National Vulnerability Database (CNVD): CNVD-2022-88248
Sep 28, 2022 - 12:00 a.m.

WordPress OAuth client Single Sign On cross-site request forgery vulnerability

www.cnvd.org.cn

EPSS: 0.001 (Low), percentile 40.0%

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress OAuth client Single Sign On versions prior to 3.0.4 have a cross-site request forgery vulnerability that stems from the plugin performing neither an authorization check nor a CSRF check when its settings are updated. Unauthenticated attackers can exploit the vulnerability to update the settings and change the endpoint to one they control, and if they know the correct email address, they can be authenticated as an administrator.
