Lucene search
+L

104 matches found

CNNVD
CNNVD
added 2022/12/05 12:0 a.m.5 views

WordPress plugin WP OAuth Server 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS4.9AI score0.00485EPSS
Exploits2References2
NVD
NVD
added 2022/08/22 3:15 p.m.21 views

CVE-2022-34149

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...

9.8CVSS0.01025EPSS
Exploits1References2
OSV
OSV
added 2022/08/22 3:15 p.m.7 views

CVE-2022-34149

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...

9.8CVSS5.8AI score0.01025EPSS
Exploits1References2
Prion
Prion
added 2022/08/22 3:15 p.m.20 views

Authentication flaw

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...

7.5CVSS9.4AI score0.01025EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/22 2:50 p.m.36 views

CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...

9.8CVSS9.7AI score0.01025EPSS
Exploits1References2
CVE
CVE
added 2022/08/22 2:50 p.m.309 views

CVE-2022-34149

CVE-2022-34149 : Authentication bypass in the WordPress plugin miniOrange WP OAuth Server for versions

9.8CVSS9.6AI score0.01025EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/22 2:50 p.m.13 views

CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...

9.8CVSS9.5AI score0.01025EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.13 views

PT-2022-22022 · WordPress · Miniorange Wp Oauth Server

Name of the Vulnerable Software and Affected Versions: miniOrange WP OAuth Server plugin versions = 3.0.4 Description: The issue is related to an Authentication Bypass vulnerability. It affects the miniOrange WP OAuth Server plugin at WordPress. Recommendations: For versions = 3.0.4, update to a...

9.8CVSS7.1AI score0.01025EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.11 views

WordPress plugin WP OAuth Server 权限许可和访问控制问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP OAuth...

9.8CVSS8.4AI score0.01025EPSS
Exploits1References4
wpexploit
wpexploit
added 2022/08/09 12:0 a.m.276 views

Simple Single Sign On <= 4.1.0 - Authentication Bypass

The plugin leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site. When we click the "Single Sign On" button, the plugin redirects us to the OAuth server to authenticate ourselves if we are not logged in. The button invokes the following URL:...

7.5CVSS2AI score0.00619EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/08/02 12:0 a.m.37 views

WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Lana Codes in WordPress WP OAuth Server plugin versions = 3.0.4. Solution Update the WordPress WP OAuth Server plugin to the latest available version at least 4.0.1...

9.8CVSS3.4AI score0.01025EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/07/22 5:15 p.m.6 views

CVE-2022-34839

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin = 1.0.1 at WordPress...

9.8CVSS5.8AI score0.0088EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.9 views

WordPress plugin WP OAuth2 Server 授权问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress WP OAuth2 Server 1.0.1 and prior versions, which stems from an improper access control...

9.8CVSS5.7AI score0.0088EPSS
Exploits0References3
OSV
OSV
added 2022/06/29 2:15 p.m.29 views

CVE-2020-26877

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...

6.1CVSS6.7AI score
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.262 views

WP OAuth Server ( Login with WordPress ) < 4.0.1 - Authentication Bypass

The plugin is affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the client’s...

9.8CVSS1.7AI score0.01025EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.23 views

GHSA-JGWG-35HF-XQRR Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description A flaw was found in the /oauth/token/request custom...

6.3CVSS6.1AI score0.00674EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/11/13 6:35 p.m.59 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.2.4 oauth-server-container security update

An update for oauth-server-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

5.4CVSS5.8AI score0.00876EPSS
Exploits0References2
Prion
Prion
added 2019/04/01 3:29 p.m.25 views

Cross site request forgery (csrf)

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...

4.3CVSS6.2AI score0.00674EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/04/01 2:15 p.m.38 views

CVE-2019-3876

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...

5CVSS6.1AI score0.00674EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.35 views

Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api

Summary A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework. The vulnerable parameter is "scope", if you set as value a "realm"; not defined in authenticationConfig.xml you get an HTTP 403 Forbidden response...

6.1CVSS0.3AI score0.00779EPSS
Exploits1Affected Software1
Rows per page
Query Builder