Lucene search
WPScanCVELIST:CVE-2022-3894HistoryMar 20, 2023 - 3:52 p.m.
CVE-2022-3894 WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF
2023-03-2015:52:07
WPScan
www.cve.org
wordpress plugin
oauth server
arbitrary post deletion
csrf attack
logged in admin
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP OAuth Server (OAuth Authentication)",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.2.5"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF
2023-02-21 00:00:00
cve
cve
CVE-2022-3894
2023-03-20 16:15:11
prion
prion
Cross site request forgery (csrf)
2023-03-20 16:15:00
nvd
nvd
CVE-2022-3894
2023-03-20 16:15:11
wpexploit
wpexploit
WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF
2023-02-21 00:00:00
wordfence
wordfence