Dash10

dash10

3 CVEs • 1 product

Products (1)

Oauth Server
oauth_server

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Dash10
Products (1): Oauth Server
Jun 17, 2026
Mar 20, 2023
N/A · v4
4.3 MEDIUM · v3
N/A · v2
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client.
Vendors (1): Dash10
Products (1): Oauth Server
Jun 17, 2026
Mar 20, 2023
N/A · v4
4.3 MEDIUM · v3
N/A · v2
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have a CSRF check when deleting a client and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged-in admin delete arbitrary clients and posts via a CSRF attack.
Vendors (1): Dash10
Products (1): Oauth Server
Nov 21, 2024
Sep 26, 2019
N/A · v4
9.8 CRITICAL · v3
7.5 HIGH · v2
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.