6.5
CVE-2023-1092
- EPSS 0.44%
- Published 27.03.2023 16:15:09
- Last modified 19.02.2025 17:15:12
- Source contact@wpscan.com
OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged-in admins delete arbitrary IdPs via a CSRF attack.
Possible mitigation
OAuth Single Sign On – SSO (OAuth Client): Update to version 6.24.2, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Miniorange ≫ Oauth Single Sign On (SwEdition: free, SwPlatform: wordpress) Version < 6.24.2
Miniorange ≫ Oauth Single Sign On (SwEdition: standard, SwPlatform: wordpress) Version < 28.4.9
Miniorange ≫ Oauth Single Sign On (SwEdition: premium, SwPlatform: wordpress) Version < 38.4.9
Miniorange ≫ Oauth Single Sign On (SwEdition: enterprise, SwPlatform: wordpress) Version < 48.4.9
Further vulnerability information
System: WordPress Plugin ≫ Product: OAuth Single Sign On – SSO (OAuth Client), Version: *-6.24.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.351 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |

https://wpscan.com/vulnerability/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7
https://wpscan.com/vulnerability/5eb85df5-8aab-4f30-a401-f776a310b09c
https://wpscan.com/vulnerability/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31b
https://wpscan.com/vulnerability/f6e165d9-2193-4c76-ae2d-618a739fe4fb
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6658edb-11dc-4594-8936-95d60d581f49