CVE-2022-4148 Information

Description

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients.

Reference

https://wpscan.com/vulnerability/be9b25c8-b0d7-4c22-81ff-e41650a4ed41
