3 matches found
EUVD-2021-9171
Malicious code in bioql PyPI...
OAuth Single Sign On - SSO (OAuth Client) Free < 6.24.2 - IdP Deletion via CSRF
The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...
OAuth Single Sign On - SSO (OAuth Client) Standard < 28.4.9 - IdP Deletion via CSRF
The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...