4 matches found
CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. Run the below command in the developer console of the web browser while being on the blog as any authenticated users, such as...
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. PoC Run the below command in the developer console of the web browser while being on the blog as any authenticated users, such as...