PT-2025-46272 · WordPress · Wp-Oauth
Published
2025-11-11
·
Updated
2025-11-11
·
CVE-2025-12021
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP-OAuth plugin for WordPress versions up to and including 0.4.1
Description
The WP-OAuth plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the
error description parameter. An unauthenticated attacker can inject arbitrary web scripts into pages, potentially executing if a user is tricked into performing an action like clicking a malicious link.Recommendations
Update the WP-OAuth plugin to a version newer than 0.4.1.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp-Oauth