9.8
CVE-2022-4693
- EPSS 1.6%
- Veröffentlicht 23.01.2023 15:15:16
- Zuletzt bearbeitet 02.04.2025 16:15:28
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginUser Verification < 1.0.94 - Authentication Bypass
User Verification <= 1.0.93 - Privilege Escalation
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
Mögliche Gegenmaßnahme
User Verification by PickPlugins: Update to version 1.0.94, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pickplugins ≫ User Verification SwPlatformwordpress Version < 1.0.94
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
User Verification by PickPlugins
Version
*-1.0.93
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.6% | 0.726 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957
https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7e3a8ee-9950-4da4-8450-8b5902b3b876