CVE-2022-3926
MEDIUM
WP OAuth Server < 3.4.2 - Cross-Site Request Forgery via Secret Regeneration
Title source: llm
Description
The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client, given they know the client ID.
References (1)
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/e1fcde2a-91a5-40cb-876b-884f01c80336
Scores
CVSS v3: 6.5
EPSS: 0.0033
EPSS Percentile: 24.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-352
Status: published
Products (1)
wp-oauth/wp_oauth_server < 3.4.2
Published: Dec 05, 2022
Tracked Since: Feb 18, 2026