History: Jan 23, 2023 - 2:31 p.m.

CVE-2022-4305 Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

2023-01-23 14:31:57
WPScan
www.cve.org
cve-2022-4305
login authorization
admin session.

AI Score

9.6

Confidence

High

EPSS

0.154

Percentile

96.0%

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that a user is allowed to log in as another user, which could allow unauthenticated attackers to obtain a valid admin session.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Login as User or Customer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
