CVE-2022-3926

Exploit

EPSS 0.07%
Veröffentlicht 05.12.2022 17:15:10
Zuletzt bearbeitet 23.04.2025 16:15:24
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WP OAuth Server (OAuth Authentication) <= 4.2.5 - Cross-Site Request Forgery

The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID

Mögliche Gegenmaßnahme

WP OAuth Server (OAuth Authentication): Update to version 4.3.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP OAuth Server (OAuth Authentication)

Version *-4.2.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wp-oauth ≫ Wp Oauth Server SwPlatformwordpress Version < 3.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/77de0955-d6e4-4da0-8a71-772c404e5dc2

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3926

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3926