OAuth Single Sign On – SSO (OAuth Client) < 6.24.2 – IdP Discard via CSRF
Discription
The plugin does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack
### PoC
The PoC will be displayed on March 14, 2023, to give users the time to update.Read More
References
Back to Main