Missing proper state, nonce and PKCE checks for OAuth authentication

Impact: `next-auth` applications using OAuth provider versions before `v4.20.1` are affected. A bad actor who can spy on the victim's network or is able to social engineer the victim to click a manipu ...

Fastly Secret Disclosure Vulnerability

Fastly suffers from the poor practice of sending a temporary password in plaintext.

Fastly Secret Disclosure

CVE-2023-27490

NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authenticati ...

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously upd ...


CVSS3 - MEDIUM

OAuth Single Sign On – SSO (OAuth Client) Premium < 38.4.9 – IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack. PoC: The PoC will be display ...

OAuth Single Sign On – SSO (OAuth Client) Premium < 38.4.9 – IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack.

OAuth Single Sign On – SSO (OAuth Client) Standard < 28.4.9 – IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack. PoC: The PoC will be display ...
