exploitDog

CVE-2015-9435

Опубликовано: 26 сент. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.

Ссылки

https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/
Third Party Advisory
https://wordpress.org/plugins/oauth2-provider/#developers
Product
Vendor Advisory
https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/
Third Party Advisory
https://wordpress.org/plugins/oauth2-provider/#developers
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dash10:oauth_server:*:*:*:*:*:wordpress:*:*

Версия до 3.1.5 (исключая)

EPSS

Процентиль: 66%

0.00515

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-338

Связанные уязвимости

GHSA-hf64-c32f-4gj5

github

больше 3 лет назад

The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.

EPSS

Процентиль: 66%

0.00515

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-338