Lucene search

PatchstackCVELIST:CVE-2022-34839

HistoryJul 18, 2022 - 12:00 a.m.

CVE-2022-34839 WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability

2022-07-1800:00:00

Patchstack

www.cve.org

cve-2022-34839

wp oauth2 server plugin

authentication bypass

wordpress

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Authentication Bypass vulnerability in CodexShaper’s WP OAuth2 Server plugin <= 1.0.1 at WordPress.

CNA Affected

[
  {
    "product": "WP OAuth2 Server (WordPress plugin)",
    "vendor": "CodexShaper",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "<= 1.0.1",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/oauth2-server/wordpress-wp-oauth2-server-plugin-1-0-1-authentication-bypass-vulnerability

wordpress.org/plugins/oauth2-server/#description

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVELIST:CVE-2022-34839