
8 matches found

Vulnrichment
added 2025/11/11 3:30 a.m., 2 views

CVE-2025-12021 WP-OAuth <= 0.4.1 - Reflected Cross-Site Scripting

The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'errordescription' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1, AI score 5.2, EPSS 0.00158
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 2:58 a.m., 3 views

CVE-2023-1093

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers IdP, which could allow attackers to make logged in admins delete all IdP via a CSRF attack...

CVSS 6.5, AI score 6.5, EPSS 0.00097
Exploits: 2, References: 1
OSV
added 2024/04/10 4:15 p.m., 1 views

CVE-2024-31253

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3...

CVSS 6.1, AI score 7.3, EPSS 0.00332
Exploits: 0, References: 1
Patchstack
added 2024/04/05 12:0 a.m., 9 views

WordPress OAuth Server Plugin <= 4.3.3 is vulnerable to Open Redirection

Software: OAuth Server; Type: Plugin; Vulnerable versions: <= 4.3.3; Fixed in: 4.4.0; OWASP Top 10: A5: Security Misconfiguration; Classification: Open Redirection; CVE: CVE-2024-31253; Patch priority: Low; CVSS severity: Low (4.7); PSID: 0b209ddaec61; Credits: Le Ngoc Anh; Required privilege...

CVSS 6.1, AI score 6.5, EPSS 0.00332
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2023/03/20 4:15 p.m., 1 views

CVE-2022-4148

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...

CVSS 4.3, AI score 5.9, EPSS 0.00061
Exploits: 2, References: 1
Patchstack
added 2023/01/27 12:0 a.m., 4 views

WordPress OAuth Server Plugin <= 4.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: OAuth Server; Type: Plugin; Vulnerable versions: <= 4.2.5; Fixed in: 4.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.4); PSID: 98e63ca58462; Credits: Unknown; Required privilege...

AI score 6.9
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2022/08/22 3:15 p.m., 1 views

CVE-2022-34149

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...

CVSS 9.8, AI score 5.8, EPSS 0.00861
Exploits: 1, References: 2
ATTACKERKB
added 2022/07/17 11:15 a.m., 3 views

CVE-2022-2133

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address...

CVSS 5.3, AI score 5.8, EPSS 0.00254
Exploits: 2, References: 2