Lucene search
HistoryJan 23, 2023 - 3:15 p.m.
CVE-2022-4305
wordpress
plugin
authorization
unauthenticated
attackers
admin session
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.154
Percentile
96.0%
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
Affected configurations
Node
wp-buylogin_as_user_or_customer_\(user_switching\)Range<3.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp-buy | login_as_user_or_customer_\(user_switching\) | * | cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user_switching\):*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
cvelist
cvelist
wpexploit
wpexploit
cve
cve
CVE-2022-4305
2023-01-23 15:15:14
nuclei
nuclei
Login as User or Customer < 3.3 - Privilege Escalation
2023-10-17 07:20:28
prion
prion
Authorization
2023-01-23 15:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.154
Percentile
96.0%
Related for NVD:CVE-2022-4305