6.5
CVE-2023-1092
- EPSS 0.14%
- Published 27.03.2023 16:15:09
- Last modified 19.02.2025 17:15:12
- Source contact@wpscan.com
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdPs), which could allow attackers to make logged-in admins delete arbitrary IdPs via a CSRF attack.
Possible countermeasure
OAuth Single Sign On – SSO (OAuth Client): Update to version 6.24.2, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: OAuth Single Sign On – SSO (OAuth Client)
Version: *-6.24.1
Data provided by the National Vulnerability Database (NVD)
- Miniorange ≫ Oauth Single Sign On, SwEdition: free, SwPlatform: wordpress, Version < 6.24.2
- Miniorange ≫ Oauth Single Sign On, SwEdition: standard, SwPlatform: wordpress, Version < 28.4.9
- Miniorange ≫ Oauth Single Sign On, SwEdition: premium, SwPlatform: wordpress, Version < 38.4.9
- Miniorange ≫ Oauth Single Sign On, SwEdition: enterprise, SwPlatform: wordpress, Version < 48.4.9
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.34 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |