CVE-2022-34149 – WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability

https://notcve.org/view.php?id=CVE-2022-34149

02 Aug 2022 — Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. Una vulnerabilidad de Omisión de Autenticación en el plugin miniOrange WP OAuth Server versiones anteriores a 3.0.4 incluyéndola, en WordPress. The plugin WP OAuth Server for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.4. This makes it possible for attackers to gain administrative access to affected sites. • https://lana.codes/lanavdb/6d794d65-d44b-4099-94c5-3dd2995b218c?_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •