CVE-2023-1093
Summary
| CVE | CVE-2023-1093 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-27 16:15:00 UTC |
| Updated | 2023-11-07 04:02:00 UTC |
| Description | The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF WordPress Security Vulnerability |
MISC |
wpscan.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.