Vulnerabilities > Dash10

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-20	CVE-2022-3894	Unspecified vulnerability in Dash10 Oauth Server The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack. network low complexity dash10	4.3
2023-03-20	CVE-2022-4148	Missing Authorization vulnerability in Dash10 Oauth Server The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. network low complexity dash10 CWE-862	4.3
2019-09-26	CVE-2015-9435	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dash10 Oauth Server The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. network low complexity dash10 CWE-338 critical	9.8

Vulnerabilities > Dash10 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dash10"}]}