Security Advisory

CVE-2022-3894

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-20 15:52:07

Last updated 2025-02-26 19:07:21

Assigner WPScan

State PUBLISHED

Description

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.

← Browse all CVEs View on cve.org ↗