← Back to CVEs

CVE-2022-4693

CRITICAL

9.8

Description

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/23/2023

Last Modified4/2/2025

Sourcenvd

Honeypot Sightings0

Affected Products

pickplugins:user_verification

Weaknesses (CWE)

CWE-522CWE-522

References

https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957(contact@wpscan.com)

https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea(contact@wpscan.com)

https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957(af854a3a-2127-422b-91ae-364da2661108)

https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.