Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oauth_server
(Dash10)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-20 | CVE-2022-3894 | The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack. | Oauth_server | 4.3 | ||
| 2023-03-20 | CVE-2022-4148 | The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. | Oauth_server | 4.3 | ||
| 2019-09-26 | CVE-2015-9435 | The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | Oauth_server | N/A |