
11 matches found

ATTACKERKB
added 2026/02/06 6:46 a.m. | 4 views

CVE-2025-10753

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' opti...

CVSS 5.3 | AI score 5.3 | EPSS 0.00334
Exploits 0 | References 4
Vulnrichment
added 2026/02/06 6:46 a.m. | 4 views

CVE-2025-10753 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' opti...

CVSS 5.3 | AI score 5.3 | EPSS 0.00334
Exploits 0 | References 3
Gitee
added 2025/12/07 6:54 p.m. | 156 views

awesome-burp-extensions

This is a curated list of Burp Extensions, a collection of user-submitted plugins for the Burp Suite web application security testing tool. The repository is maintained under a CC0 1.0 Universal license, allowing for the permanent relinquishment of copyright and related rights to the works...

AI score 6.6
Exploits 0
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-33486

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 9 | EPSS 0.00744
Exploits 0 | References 2
CVE
added 2024/12/12 3:23 a.m. | 87 views

CVE-2024-10111

CVE-2024-10111 is an authentication bypass in the WordPress plugin OAuth Single Sign On – SSO (OAuth Client). Up to and including version 6.26.3, the token’s returned user is not properly verified, enabling unauthenticated attackers to log in as any existing site user (potentially an Administrato...

CVSS 8.1 | AI score 7.2 | EPSS 0.00744
Exploits 0 | References 3
OSV
added 2023/03/27 4:15 p.m. | 5 views

CVE-2023-1093

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identity Providers (IdP), which could allow attackers to make logged-in admins delete all IdP via a CSRF attack...

CVSS 6.5 | AI score 6.6 | EPSS 0.00326
Exploits 2 | References 1
wpexploit
added 2023/02/28 12:0 a.m. | 107 views

OAuth Single Sign On - SSO (OAuth Client) Premium < 38.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged-in admins delete arbitrary IdP via a CSRF attack: https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

CVSS 6.5 | AI score 6.8 | EPSS 0.00442
Exploits 5
Huntr
added 2023/02/12 1:7 p.m. | 75 views

Account Takeover and Persistence due to the Oauth Misconfiguration

Team, May you all be well on your side of the screen. While doing some research on the https://cal.com/, I was able to find a Pre-Account Takeover vulnerability. Proof of concept: I have created a video demonstration of the vulnerability and uploaded it to my Google Drive. The link for the...

CVSS 6.5 | AI score 8.4 | EPSS 0.08772
Exploits 5 | References 1
ATTACKERKB
added 2022/07/17 11:15 a.m. | 3 views

CVE-2022-2133

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address...

CVSS 5.3 | AI score 5.8 | EPSS 0.00988
Exploits 2 | References 2
Huntr
added 2022/05/05 11:57 p.m. | 44 views

Users Account Pre-Takeover or Users Account Takeover.

Team, May you all be well on your side of the screen. While doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of concept video & reproduction steps for better understanding. Proof of concept: I have uploaded the bo...

CVSS 6.8 | AI score 0.7 | EPSS 0.08772
Exploits 4
The Hacker News
added 2019/06/26 5:58 p.m. | 106 views

Account Takeover Vulnerability Found in Popular EA Games Origin Platform

A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to take over players' accounts and steal sensitive data. The vulnerabilities in question reside in the "Origin" digital distributio...

AI score 7
Exploits 0