CVE-2022-34149

CRITICAL

miniOrange WP OAuth Server <3.0.4 - Auth Bypass

Title source: llm

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

Core 2

Core References

Various Sources third-party-advisory

Third Party Advisory vdb-entry

CVSS v3 9.8

EPSS 0.0103

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

CWE

CWE-264 CWE-287

Status published

Products (2)

miniOrange/WP OAuth Server (WordPress plugin) < 3.0.4

miniorange/wp_oauth_server < 3.0.4

Published Aug 22, 2022

Tracked Since Feb 18, 2026