WP OAuth Server (Login with WordPress) by miniOrange <= 3.0.4 - Auth Bypass
REPORT ID: 0b92727e-5d05-4e34-866c-a6a4355aa000
The plugin contains an Auth Bypass vulnerability. To bypass authentication, the attacker only needs to know user’s username. Depending on the username, which can be easily queried because it is usually public data, the attacker may even get an administrator role on the client's website.
You need to log in to view the vulnerability details.