4 matches found
CVE-2022-4148
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
CVE-2022-4148
CVE-2022-4148 affects the WordPress WP OAuth Server (OAuth Authentication) plugin, prior to version 4.3.0. The vulnerability is a flawed CSRF and authorization check when deleting a client, potentially allowing any authenticated user (e.g., subscribers) to delete arbitrary clients. Affected compo...
CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
WordPress OAuth Server Plugin < 4.3.0 is vulnerable to Broken Access Control
Software OAuth Server Type Plugin Vulnerable versions 4.3.0 Fixed in 4.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4148 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 20d9eb3b6ea8 Credits Lana Codes Required privilege...