CVE-2022-4693

Published: Jan 23, 2023Modified: Apr 2, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

Affected (1)

Products: Pickplugins: User Verification

1 product

User Verification

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pickplugins User Verification	Before 1.0.94

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea

Source: contact@wpscan.com

ExploitThird Party Advisory

https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.