Lucene search

PatchstackCVELIST:CVE-2022-34149

HistoryAug 22, 2022 - 2:50 p.m.

CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability

2022-08-2214:50:02

CWE-264

Patchstack

www.cve.org

cve-2022-34149

wordpress

wp oauth server plugin

authentication bypass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

52.1%

JSON

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "miniorange-oauth-20-server",
    "product": "WP OAuth Server (WordPress plugin)",
    "vendor": "miniOrange",
    "versions": [
      {
        "changes": [
          {
            "at": "4.0.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.0.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

lana.codes/lanavdb/6d794d65-d44b-4099-94c5-3dd2995b218c?_s_id=cve

patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability?_s_id=cve

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

52.1%

JSON

Related for CVELIST:CVE-2022-34149