WPVDB-ID: 1E13B9EA-A3EF-483B-B967-6EC14BD6D54D
Published: Feb 28, 2023

OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF

Erwan LR (WPScan)
wpscan.com
Tags: oauth, single sign on, csrf, idp discard

EPSS: 0.001 (Low), percentile 29.9%

The plugin (versions before 6.24.2) does not perform CSRF checks when discarding Identity Providers (IdPs). An attacker who can get a logged-in administrator to open a crafted URL can make the admin's browser delete every configured IdP, since the destructive action is triggered by a plain GET request that carries the admin's session cookies and no nonce.

PoC

Make a logged-in admin open: https://example.com/wp-admin/admin.php?page=mo_oauth_settings&tab=config&action=discard
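The following is an added illustration of the bug class behind this advisory and of the standard WordPress fix; it is not the plugin's own source. It shows a hypothetical admin-page handler that deletes all IdPs whenever `action=discard` appears in the query string (the shape the PoC above implies), beside a hardened version that requires a nonce bound to the action. The function names, the `mo_oauth_example_idps` option and the nonce action string are assumptions for the example; only the `admin.php?page=mo_oauth_settings&tab=config&action=discard` URL comes from the advisory.

```php
<?php
// Added example, not the plugin's code. Names prefixed mo_oauth_example_ and the
// option 'mo_oauth_example_idps' are hypothetical.

// --- Vulnerable pattern (assumed shape of the bug, not the actual source) ---
// Any request by a logged-in admin to
//   /wp-admin/admin.php?page=mo_oauth_settings&tab=config&action=discard
// deletes every configured IdP. The capability check does not help: the victim
// IS an admin, and the browser attaches the admin's cookies to a cross-site GET.
function mo_oauth_example_handle_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '';
    if ( 'discard' === $action ) {
        delete_option( 'mo_oauth_example_idps' ); // destructive, no CSRF protection
    }
}

// --- Hardened pattern ---
// 1. Only act when the request carries a valid nonce tied to this action.
//    check_admin_referer() calls wp_die() when the '_wpnonce' query arg is
//    missing or invalid, so a forged cross-site request does nothing.
// 2. Build the legitimate link with wp_nonce_url() so real admin clicks carry it.
function mo_oauth_example_handle_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '';
    if ( 'discard' === $action ) {
        // Nonce action string is an assumption for this example.
        check_admin_referer( 'mo_oauth_example_discard_idps' );
        delete_option( 'mo_oauth_example_idps' );
    }
}

// Link rendered in the settings page; the attacker cannot predict the nonce
// because it is derived from the user's session and a server-side salt.
function mo_oauth_example_discard_link() {
    $url = admin_url( 'admin.php?page=mo_oauth_settings&tab=config&action=discard' );
    return wp_nonce_url( $url, 'mo_oauth_example_discard_idps' );
}

add_action( 'admin_init', 'mo_oauth_example_handle_hardened' );
```

Two practitioner caveats. First, because the trigger is a GET navigation, a browser's default `SameSite=Lax` cookie handling does not block it: Lax still sends cookies on top-level navigations such as a clicked link or a redirect, which is exactly what the PoC URL relies on. Second, a nonce alone makes the request unforgeable but still leaves a state-changing GET; the cleaner fix is to require POST (`'POST' === $_SERVER['REQUEST_METHOD']`) together with the nonce check, so that a link, image or prefetch can never trigger the deletion.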

