CVE-2022-4305

Published: Jan 23, 2023Modified: Apr 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.

Affected (1)

Products: Wp Buy: Login As User Or Customer (user Switching)

Wp Buy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wp Buy Login As User Or Customer (user Switching)	Before 3.3

References (2)

https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.