Home > Vulnerability Database > CVE-2023-1092

Mend.io Vulnerability Database

CVE-2023-1092

Good to know:

Date: March 27, 2023

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack

Language: PHP

Severity Score

6.5

Related Resources (6)

Url: https://wpscan.com/vulnerability/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31b

Url: https://wpscan.com/vulnerability/5eb85df5-8aab-4f30-a401-f776a310b09c

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1092

Url: https://wpscan.com/vulnerability/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7

Url: https://wpscan.com/vulnerability/f6e165d9-2193-4c76-ae2d-618a739fe4fb

Url: https://www.mend.io/vulnerability-database/CVE-2023-1092

Severity Score

6.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version 6.24.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1092

Good to know:

Date: March 27, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?