The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client, provided they know the client ID.
History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-12-05T16:50:35.245Z

Updated: 2024-08-03T01:27:53.908Z

Reserved: 2022-11-10T13:13:50.936Z

Link: CVE-2022-3926

Vulnrichment

No data.

NVD

Status: Modified

Published: 2022-12-05T17:15:10.733

Modified: 2023-11-07T03:51:58.403

Link: CVE-2022-3926

Redhat

No data.