WP OAuth Server < 4.2.5 – Arbitrary Post Deletion via CSRF
Discription

The plugin does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.

### PoC

The PoC will be displayed on March 07, 2023, to give users the time to update.Read More

Back to Main

Subscribe for the latest news: