Lucene search
+L

104 matches found

OSV
OSV
added 2024/04/10 4:15 p.m.6 views

CVE-2024-31253

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3...

6.1CVSS7.3AI score0.00376EPSS
Exploits0References1
NVD
NVD
added 2024/04/10 4:15 p.m.27 views

CVE-2024-31253

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3...

6.1CVSS4.8AI score0.00376EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/10 3:27 p.m.19 views

CVE-2024-31253 WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3...

4.7CVSS6.8AI score0.00376EPSS
Exploits0References1
CVE
CVE
added 2024/04/10 3:27 p.m.91 views

CVE-2024-31253

CVE-2024-31253 describes an Open Redirect vulnerability in the WP OAuth Server (OAuth Server) plugin. According to the provided sources, the issue affects OAuth Server up to version 4.3.3 and can redirect users to an untrusted site. The Red Hat and Wordfence entries corroborate the same descripti...

6.1CVSS8.5AI score0.00376EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.9 views

PT-2024-23896 · WordPress · Wp Oauth Server

Name of the Vulnerable Software and Affected Versions: WP OAuth Server versions through 4.3.3 Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, in WP OAuth Server. This vulnerability allows redirection to untrusted sites...

6.1CVSS9.1AI score0.00376EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.7 views

WordPress Plugin WP OAuth Server 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

6.1CVSS8.4AI score0.00376EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/05 5:58 a.m.8 views

WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin OAuth Server versions = 4.3.3...

6.1CVSS7AI score0.00376EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/05 12:0 a.m.14 views

WordPress OAuth Server Plugin <= 4.3.3 is vulnerable to Open Redirection

Software OAuth Server Type Plugin Vulnerable versions = 4.3.3 Fixed in 4.4.0 OWASP Top 10 A5: Security Misconfiguration Classification Open Redirection CVE CVE-2024-31253 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 0b209ddaec61 Credits Le Ngoc Anh Required privilege...

6.1CVSS6.5AI score0.00376EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/20 4:15 p.m.8 views

CVE-2022-4148

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...

4.3CVSS5.9AI score0.00262EPSS
Exploits2References1
NVD
NVD
added 2023/03/20 4:15 p.m.30 views

CVE-2022-3894

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...

4.3CVSS4.7AI score0.00252EPSS
Exploits2References1
NVD
NVD
added 2023/03/20 4:15 p.m.32 views

CVE-2022-4148

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...

4.3CVSS4.7AI score0.00262EPSS
Exploits2References1
OSV
OSV
added 2023/03/20 4:15 p.m.7 views

CVE-2022-3894

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...

4.3CVSS5.9AI score0.00252EPSS
Exploits2References1
Prion
Prion
added 2023/03/20 4:15 p.m.16 views

Cross site request forgery (csrf)

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...

4CVSS4.7AI score0.00262EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/03/20 4:15 p.m.16 views

Cross site request forgery (csrf)

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...

4.3CVSS4.7AI score0.00252EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/20 3:52 p.m.7 views

CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...

4.7AI score0.00262EPSS
Exploits2References1
CVE
CVE
added 2023/03/20 3:52 p.m.66 views

CVE-2022-4148

CVE-2022-4148 affects the WordPress WP OAuth Server (OAuth Authentication) plugin, prior to version 4.3.0. The vulnerability is a flawed CSRF and authorization check when deleting a client, potentially allowing any authenticated user (e.g., subscribers) to delete arbitrary clients. Affected compo...

4.3CVSS4.6AI score0.00262EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/20 3:52 p.m.11 views

CVE-2022-3894 WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...

4.7AI score0.00252EPSS
Exploits2References1
CVE
CVE
added 2023/03/20 3:52 p.m.58 views

CVE-2022-3894

The CVE-2022-3894 entry concerns the WP OAuth Server (OAuth Authentication) WordPress plugin prior to version 4.2.5. Public details from connected sources confirm a concrete issue: lack of CSRF protection when deleting a client, and failure to verify that the target object is actually a client. T...

4.3CVSS4.6AI score0.00252EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/03/20 3:52 p.m.29 views

CVE-2022-3894 WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...

5AI score0.00252EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.43 views

WordPress plugin WP OAuth Server 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS5.2AI score0.00262EPSS
Exploits2References2
Rows per page
Query Builder