104 matches found
WordPress plugin WP OAuth Server 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...
Authentication flaw
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...
CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...
CVE-2022-34149
CVE-2022-34149 : Authentication bypass in the WordPress plugin miniOrange WP OAuth Server for versions
CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...
PT-2022-22022 · WordPress · Miniorange Wp Oauth Server
Name of the Vulnerable Software and Affected Versions: miniOrange WP OAuth Server plugin versions = 3.0.4 Description: The issue is related to an Authentication Bypass vulnerability. It affects the miniOrange WP OAuth Server plugin at WordPress. Recommendations: For versions = 3.0.4, update to a...
WordPress plugin WP OAuth Server 权限许可和访问控制问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP OAuth...
Simple Single Sign On <= 4.1.0 - Authentication Bypass
The plugin leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site. When we click the "Single Sign On" button, the plugin redirects us to the OAuth server to authenticate ourselves if we are not logged in. The button invokes the following URL:...
WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Lana Codes in WordPress WP OAuth Server plugin versions = 3.0.4. Solution Update the WordPress WP OAuth Server plugin to the latest available version at least 4.0.1...
CVE-2022-34839
Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin = 1.0.1 at WordPress...
WordPress plugin WP OAuth2 Server 授权问题漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress WP OAuth2 Server 1.0.1 and prior versions, which stems from an improper access control...
CVE-2020-26877
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...
WP OAuth Server ( Login with WordPress ) < 4.0.1 - Authentication Bypass
The plugin is affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the client’s...
GHSA-JGWG-35HF-XQRR Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability
Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description A flaw was found in the /oauth/token/request custom...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.2.4 oauth-server-container security update
An update for oauth-server-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Cross site request forgery (csrf)
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...
CVE-2019-3876
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...
Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api
Summary A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework. The vulnerable parameter is "scope", if you set as value a "realm"; not defined in authenticationConfig.xml you get an HTTP 403 Forbidden response...