CVE | CVE-2022-3926 |
CVE Title | |
Published Date | 2022-12-05T17:15Z |
Modified Date | 2022-12-06T19:40Z |
CWE Type | CWE-352 |
CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Description | The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336 |
Reference Description | MISC https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336 |
Reference Description | |
Tags | Exploit Third Party Advisory |
Sources | NIST MITRE |