Daggerhart Openid Connect Generic Client vulnerabilities
2 known vulnerabilities affecting daggerhart/openid_connect_generic_client.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-24214P3MEDIUMCVSS 6.1PoC≥ 3.8.0, < 3.8.0*≥ 3.8.2, < 3.8.22021-05-06
CVE-2021-24214 [MEDIUM] CWE-79 CVE-2021-24214: The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
nvd
CVE-2025-13730P4MEDIUMCVSS 6.4≤ 3.10.02025-12-18
CVE-2025-13730 [MEDIUM] CWE-79 CVE-2025-13730: The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting
The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openid_connect_generic_auth_url' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and a
nvd