Lucene search

WPScanCVE-2022-4693

HistoryJan 23, 2023 - 3:15 p.m.

CVE-2022-4693

2023-01-2315:15:16

CWE-522

WPScan

web.nvd.nist.gov

cve-2022-4693

user verification

wordpress

plugin

security vulnerability

auth bypass

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

Affected configurations

Nvd

Vulners

Node

pickpluginsuser_verificationRange<1.0.94wordpress

VendorProductVersionCPE
pickpluginsuser_verification*cpe:2.3:a:pickplugins:user_verification:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
pickplugins	user_verification	*	cpe:2.3:a:pickplugins:user_verification::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "User Verification",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.94"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

Related for CVE-2022-4693