Lucene search

Lana CodesPATCHSTACK:58CF158DD11AC29E8D3825E93B5E2F55

HistoryNov 15, 2022 - 12:00 a.m.

WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Cross-Site Request Forgery (CSRF) vulnerability

2022-11-1500:00:00

Lana Codes

patchstack.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

JSON

Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions <= 1.1.0)

Solution

           No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
oauth client by digitialpixiesle1.1.0

CPE	Name	Operator	Version
	oauth client by digitialpixies	le	1.1.0

References

wpscan.com/vulnerability/4c1b0e5e-245a-4d1f-a561-e91af906e62d

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

JSON

Related for PATCHSTACK:58CF158DD11AC29E8D3825E93B5E2F55