CVE-2022-4305

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

CVSS 9.8 CRITICALEPSS 38.6%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 38.6%KEV nãoPoC públicaPatch —

Lifecycle

23 Jan 2023Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Unknown · Login as User or Customer

public PoCs found — 1

cve_referencewpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bdunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd