← Back

CVE-2023-1092

nvd nist
Published: Mar 27, 2023Modified: Feb 19, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack

Affected (4)

Miniorange
1 product
Oauth Single Sign On
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Miniorange
Oauth Single Sign On
Before 48.4.9
Oauth Single Sign On
Before 6.24.2
Oauth Single Sign On
Before 38.4.9
Oauth Single Sign On
Before 28.4.9

References (8)

Source: contact@wpscan.com
ExploitThird Party Advisory
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.