10 matches found
WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions <= 1.1.0). Solution: No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is...
CVE-2022-3632
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions...
CVE-2022-3631
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in multisite...
WordPress plugin OAuth Client by DigitialPixies cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin OAuth Client by DigitialPixies cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2022-3631 OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in multisite...
CVE-2022-3632 OAuth Client by DigitialPixies <= 1.1.0 - CSRF
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions...
OAuth Client by DigitialPixies <= 1.1.0 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. PoC: Make a logged-in user visit a page with the following code: fetch('https://example.com/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type'...
OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). Put the following payload in any of the plugin'...
OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). PoC: Put the following payload in any of the...