Lucene search
WPScanCVE-2022-4305HistoryJan 23, 2023 - 3:15 p.m.
CVE-2022-4305
2023-01-2315:15:14
WPScan
web.nvd.nist.gov
38
cve-2022-4305
wordpress plugin
authorization bypass
unauthenticated attack
admin session
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.3
Confidence
High
EPSS
0.154
Percentile
96.0%
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
Affected configurations
Node
wp-buylogin_as_user_or_customer_\(user_switching\)Range<3.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp-buy | login_as_user_or_customer_\(user_switching\) | * | cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user_switching\):*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Login as User or Customer",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "3.3"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
wpexploit
wpexploit
cvelist
cvelist
nuclei
nuclei
Login as User or Customer < 3.3 - Privilege Escalation
2023-10-17 07:20:28
nvd
nvd
CVE-2022-4305
2023-01-23 15:15:14
prion
prion
Authorization
2023-01-23 15:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.3
Confidence
High
EPSS
0.154
Percentile
96.0%
Related for CVE-2022-4305