104 matches found
CVE-2024-31253
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3...
CVE-2024-31253
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3...
CVE-2024-31253 WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3...
CVE-2024-31253
CVE-2024-31253 describes an Open Redirect vulnerability in the WP OAuth Server (OAuth Server) plugin. According to the provided sources, the issue affects OAuth Server up to version 4.3.3 and can redirect users to an untrusted site. The Red Hat and Wordfence entries corroborate the same descripti...
PT-2024-23896 · WordPress · Wp Oauth Server
Name of the Vulnerable Software and Affected Versions: WP OAuth Server versions through 4.3.3 Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, in WP OAuth Server. This vulnerability allows redirection to untrusted sites...
WordPress Plugin WP OAuth Server 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin OAuth Server versions = 4.3.3...
WordPress OAuth Server Plugin <= 4.3.3 is vulnerable to Open Redirection
Software OAuth Server Type Plugin Vulnerable versions = 4.3.3 Fixed in 4.4.0 OWASP Top 10 A5: Security Misconfiguration Classification Open Redirection CVE CVE-2024-31253 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 0b209ddaec61 Credits Le Ngoc Anh Required privilege...
CVE-2022-4148
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
CVE-2022-3894
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...
CVE-2022-4148
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
CVE-2022-3894
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...
Cross site request forgery (csrf)
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
Cross site request forgery (csrf)
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...
CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client...
CVE-2022-4148
CVE-2022-4148 affects the WordPress WP OAuth Server (OAuth Authentication) plugin, prior to version 4.3.0. The vulnerability is a flawed CSRF and authorization check when deleting a client, potentially allowing any authenticated user (e.g., subscribers) to delete arbitrary clients. Affected compo...
CVE-2022-3894 WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...
CVE-2022-3894
The CVE-2022-3894 entry concerns the WP OAuth Server (OAuth Authentication) WordPress plugin prior to version 4.2.5. Public details from connected sources confirm a concrete issue: lack of CSRF protection when deleting a client, and failure to verify that the target object is actually a client. T...
CVE-2022-3894 WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack...
WordPress plugin WP OAuth Server 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...