Lucene search
HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-34858
cve-2022-34858
authentication bypass
miniorange
oauth 2.0
sso
wordpress
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.0%
Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.
Affected configurations
Node
miniorangeoauth_2.0_client_for_ssoRange≤1.11.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| miniorange | oauth_2\.0_client_for_sso | * | cpe:2.3:a:miniorange:oauth_2\.0_client_for_sso:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "oauth-client",
"product": "OAuth 2.0 client for SSO (WordPress plugin)",
"vendor": "miniOrange",
"versions": [
{
"changes": [
{
"at": "1.11.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.11.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2022-34858
2022-08-22 15:15:16
cvelist
cvelist
prion
prion
Authentication flaw
2022-08-22 15:15:00
wpvulndb
wpvulndb
OAuth 2.0 client for SSO < 1.11.4 - Authenticated Bypass
2022-06-21 00:00:00
patchstack
patchstack
wpexploit
wpexploit
OAuth 2.0 client for SSO < 1.11.4 - Authenticated Bypass
2022-06-21 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.0%
Related for CVE-2022-34858