The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-01-23T14:31:57.132Z
Updated:
Reserved: 2022-12-06T10:55:06.559Z
Link: CVE-2022-4305
JSON object: View
NVD Information
Status : Modified
Published: 2023-01-23T15:15:14.283
Modified: 2023-11-07T03:57:29.827
Link: CVE-2022-4305
JSON object: View
Redhat Information
No data.
CWE
No CWE.