15 matches found
EUVD-2022-51509
Malicious code in bioql PyPI...
CVE-2022-3894
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have a CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged-in admin delete arbitrary clients and posts via a CSRF attack...
GHSA-GVVX-FC6P-2H9X Duplicate Advisory: Wallabag user can delete own API client unintentionally
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gjvc-55fw-v6vq. This link is maintained to preserve external references. Original Description: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3...
CSRF leading to delete Client API in API clients management
Description: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete API keys via client/delete/id. Proof of Concept: history.pushState'', '', '/'; document.forms0.submit;...
CVE-2022-4148
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients...
Cross-site request forgery (CSRF)
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients...
Cross-site request forgery (CSRF)
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have a CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged-in admin delete arbitrary clients and posts via a CSRF attack...
CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients...
PT-2023-13666 · WordPress · Wp Oauth Server
Name of the Vulnerable Software and Affected Versions: WP OAuth Server OAuth Authentication WordPress plugin versions prior to 4.2.5 Description: The issue is related to the lack of a CSRF check when deleting a client and the failure to ensure that the object to be deleted is actually a client...
PT-2023-13987 · WordPress · Wp Oauth Server
Name of the Vulnerable Software and Affected Versions: WP OAuth Server OAuth Authentication plugin versions prior to 4.3.0 Description: The issue is related to a flawed CSRF and authorisation check when deleting a client. This could allow any authenticated users, such as subscribers, to delete...
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients. Run the below command in the developer console of the web browser while being on the blog as any authenticated user, such as...
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients. PoC: Run the below command in the developer console of the web browser while being on the blog as any authenticated user, such as...
Online Sports Complex Booking System 1.0 SQL Injection
Title: Online Sports Complex Booking System 1.0 SQL Injection Author: Zllggggg Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...