Permalink
CVE-2024-31253
4.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3.
References
- https://patchstack.com/database/vulnerability/oauth2-provider/wordpress-wp-oaut… vdb-entry
- https://patchstack.com/database/vulnerability/oauth2-provider/wordpress-wp-oaut… vdb-entry
- https://patchstack.com/database/vulnerability/oauth2-provider/wordpress-wp-oaut… vdb-entry
- https://patchstack.com/database/vulnerability/oauth2-provider/wordpress-wp-oaut… x_transferred vdb-entry
Affected products
oauth2-provider
- =<4.3.3
Matching in nixpkgs
pkgs.haskellPackages.hoauth2-providers
OAuth2 Identity Providers
-
nixos-unstable -
- nixpkgs-unstable 0.8.0