CVE-2022-3894

Name of the Vulnerable Software and Affected Versions WP OAuth Server (OAuth Authentication) WordPress plugin versions prior to 4.2.5

Description The issue is related to the lack of a CSRF check when deleting a client and the failure to ensure that the object to be deleted is actually a client. This could allow attackers to make a logged-in admin delete arbitrary clients and posts via a CSRF attack.

Recommendations For versions prior to 4.2.5, update to version 4.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the client deletion functionality to minimize the risk of exploitation.