WordPress Plugin Vulnerabilities

WP OAuth Server <= 3.1.4 - Insecure Pseudor&om Number Generation

Description

The WP OAuth Server (OAuth Authentication) WordPress plugin was affected by an Insecure Pseudor&om Number Generation security vulnerability.

Affects Plugins

Plugin icon
oauth2-provider
Fixed in 3.1.5

References

CVE
CVE-2015-9435
URL
https://packetstormsecurity.com/files/#133062/
URL
https://advisories.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
6a243f3c-ed7b-4554-b828-45870a18a7c4

Timeline

Publicly Published
2015-08-12 (about 10 years ago)
Added
2015-08-14 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-01-15
Title
Flamingo < 2.1.1 - CSV Injection
Published
2019-10-25
Title
Email Templates < 1.3.1 - HTML Injection
Published
2019-12-02
Title
Mesmerize & Materialis Themes - Authenticated Options Update
Published
2017-05-03
Title
WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
Published
2014-08-01
Title
Group Documents 1.2.1 - bp-group-documents-settings.php file Parameter Remote Path Traversal File Location Manipulation