Back to search
CVE-2022-3894
Published: Mar 20, 2023
Modified: Feb 26, 2025
PUBLISHED
Description
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.
| Vendor | Product | Versions |
|---|---|---|
Unknown | WP OAuth Server (OAuth Authentication) | affected 0 - < 4.2.5 |
References
https://wpscan.com/vulnerability/298487b2-4141-4c9f-9bb2-e1450aefc1a8
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now