Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:47 p.m.16 views

CVE-2022-4148

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...

4.3CVSS6.8AI score0.00262EPSS
Exploits2References1
CVE
CVE
added 2023/03/20 3:52 p.m.64 views

CVE-2022-4148

CVE-2022-4148 affects the WordPress WP OAuth Server (OAuth Authentication) plugin, prior to version 4.3.0. The vulnerability is a flawed CSRF and authorization check when deleting a client, potentially allowing any authenticated user (e.g., subscribers) to delete arbitrary clients. Affected compo...

4.3CVSS4.6AI score0.00262EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/03/20 3:52 p.m.41 views

CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...

5AI score0.00262EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/03/02 12:0 a.m.14 views

WordPress OAuth Server Plugin < 4.3.0 is vulnerable to Broken Access Control

Software OAuth Server Type Plugin Vulnerable versions 4.3.0 Fixed in 4.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4148 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 20d9eb3b6ea8 Credits Lana Codes Required privilege...

4.3CVSS6.8AI score0.00262EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder