9.8
CVE-2022-4693
- EPSS 10.23%
- Published 23.01.2023 15:15:16
- Last modified 02.04.2025 16:15:28
- Source contact@wpscan.com
User Verification <= 1.0.93 - Privilege Escalation
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
Possible mitigation
User Verification by PickPlugins: Update to version 1.0.94, or a newer patched version
Further vulnerability information

| System | Product | Version |
|---|---|---|
| WordPress Plugin | User Verification by PickPlugins | *-1.0.93 |

Data provided by the National Vulnerability Database (NVD)
Pickplugins ≫ User Verification, SwPlatform: wordpress, Version < 1.0.94

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.23% | 0.929 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.