Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp-oauth wp oauth server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3892
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exam...
Wp-oauth Wp Oauth Server
NA
CVE-2022-3926
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 3.4.2 does not have CSRF check when regenerating secrets, which could allow malicious users to make logged in admins regenerate the secret of an arbitrary client given they know the client ID
Wp-oauth Wp Oauth Server
NA
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
Miniorange Wp Oauth Server
NA
CVE-2022-4148
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.
Dash10 Oauth Server
NA
CVE-2022-3894
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow malicious users to make a logged in admin delete arbitrary client ...
Dash10 Oauth Server
NA
CVE-2024-31253
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a up to and including 4.3.3.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started