Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-4148
HistoryMar 20, 2023 - 3:52 p.m.

CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

2023-03-2015:52:20
WPScan
www.cve.org
cve-2022-4148
wordpress
oauth authentication
arbitrary client deletion
csrf
authorization

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

JSON

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP OAuth Server (OAuth Authentication)",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.3.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

prion 1
nvd 1
wpexploit 1
cve 1
wpvulndb 1
prion
prion
Cross site request forgery (csrf)
2023-03-20 16:15:00
nvd
nvd
CVE-2022-4148
2023-03-20 16:15:11
wpexploit
wpexploit
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
2023-02-21 00:00:00
cve
cve
CVE-2022-4148
2023-03-20 16:15:11
wpvulndb
wpvulndb
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
2023-02-21 00:00:00

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

JSON
Related for CVELIST:CVE-2022-4148
prion1nvd1wpexploit1cve1wpvulndb1