CVE-2015-9435

WP OAuth Server (OAuth Authentication) < 3.1.5 - Pseudorandom Number Generation

criticalUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

9.8

CVSS Score

9.8

CVSS Score

critical

Severity

3.1.5

Patched in

3086d

Time to patch

The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

High

Confidentiality

High

Integrity

High

Availability

Affected versions<3.1.5

PublishedAugust 12, 2015

Last updatedJanuary 22, 2024

References

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.