WP OAuth2 Server <= 1.0.1 – Authentication Bypass | CVE 2022-34839

Affects Plugins

oauth2-server

No known fix

References

CVE

CVE-2022-34839

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.9 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

1f1e3d5a-e813-410b-86aa-51f9dd989554

Timeline

Publicly Published

2022-07-18 (about 3 years ago)

Added

2022-07-25 (about 3 years ago)

Last Updated

2022-08-25 (about 3 years ago)

Other

Published

Title

Published

2026-01-13

Title

LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page

Published

2024-08-16

Title

FormFacade < 1.3.3 - Reflected Cross-Site Scripting

Published

2025-01-16

Title

Form To JSON <= 1.0 - Reflected Cross-Site Scripting

Published

2021-09-20

Title

Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

Published

2024-06-06

Title

Block for Font Awesome < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting