Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp-oauth wp oauth server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3926
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 3.4.2 does not have CSRF check when regenerating secrets, which could allow malicious users to make logged in admins regenerate the secret of an arbitrary client given they know the client ID
Wp-oauth Wp Oauth Server
NA
CVE-2022-3892
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exam...
Wp-oauth Wp Oauth Server
NA
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
Miniorange Wp Oauth Server
NA
CVE-2022-4148
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.
Dash10 Oauth Server
NA
CVE-2022-3894
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow malicious users to make a logged in admin delete arbitrary client ...
Dash10 Oauth Server
NA
CVE-2024-31253
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a up to and including 4.3.3.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started