VYPR
Vendor: Wp OAuth

Products: 1
CVEs: 7
Across products: 7
Status: Private

Recent CVEs (7)

  • CVE-2022-34149 | Critical | Aug 22, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

  • CVE-2022-3926 | Medium | Dec 5, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client, given they know the client ID.

  • CVE-2022-34839 | Medium | Jul 22, 2022
    risk 0.38 | cvss 5.9 | epss 0.01

    Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.

  • CVE-2024-11217 | Medium | Nov 15, 2024
    risk 0.32 | cvss 4.9 | epss 0.00

    A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.

  • CVE-2024-31253 | Medium | Apr 10, 2024
    risk 0.31 | cvss 4.7 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3.

  • CVE-2022-3892 | Medium | Dec 5, 2022
    risk 0.31 | cvss 4.8 | epss 0.00

    The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

  • CVE-2022-4148 | Medium | Mar 20, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client.