CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34149 – WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. Una vulnerabilidad de Omisión de Autenticación en el plugin miniOrange WP OAuth Server versiones anteriores a 3.0.4 incluyéndola, en WordPress. The plugin WP OAuth Server for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.4. This makes it possible for attackers to gain administrative access to affected sites. • https://lana.codes/lanavdb/6d794d65-d44b-4099-94c5-3dd2995b218c?_s_id=cve https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability?_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •