5 matches found
CVE-2024-31253
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3...
WordPress OAuth Server Plugin <= 4.3.3 is vulnerable to Open Redirection
Software: OAuth Server; Type: Plugin; Vulnerable versions: <= 4.3.3; Fixed in: 4.4.0; OWASP Top 10: A5: Security Misconfiguration; Classification: Open Redirection; CVE: CVE-2024-31253; Patch priority: Low; CVSS severity: Low 4.7; PSID: 0b209ddaec61; Credits: Le Ngoc Anh; Required privilege...
CVE-2022-4148
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary client...
WordPress OAuth Server Plugin <= 4.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: OAuth Server; Type: Plugin; Vulnerable versions: <= 4.2.5; Fixed in: 4.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low 5.4; PSID: 98e63ca58462; Credits: Unknown; Required privilege...
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin = 3.0.4 at WordPress...