CVE-2022-34155

HIGH

miniOrange OAuth Single Sign On - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-34155. PoCs published by vanh-88.

AI-analyzed exploit summary This repository contains a detailed technical analysis of CVE-2022-34155, an authentication bypass vulnerability in the miniOrange OAuth Single Sign-On plugin for WordPress. It includes root cause analysis, exploitation steps, and mitigation recommendations, but does not contain functional exploit code.

Description

Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.

Exploits (1)

nomisec WRITEUP
by vanh-88 · poc
https://github.com/vanh-88/CVE-2022-34155

This repository contains a detailed technical analysis of CVE-2022-34155, an authentication bypass vulnerability in the miniOrange OAuth Single Sign-On plugin for WordPress. It includes root cause analysis, exploitation steps, and mitigation recommendations, but does not contain functional exploit code.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: miniOrange OAuth Single Sign-On plugin for WordPress <= 6.23.3
No auth needed
Prerequisites: Access to a WordPress site with the vulnerable plugin installed · Ability to send HTTP requests to the target site
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0096
EPSS Percentile 56.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-287
Status published
Products (2)
miniOrange/OAuth Single Sign On – SSO (OAuth Client) < 6.23.3
miniorange/oauth_single_sign_on < 6.23.4
Published Jul 18, 2023
Tracked Since Feb 18, 2026