CRITICAL🇬🇧 English

CVE-2022-4693

CVSS 9.8v3.1pub. 2023-01-23upd. 2025-04-02

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pickplugins User Verification

    APP
    Pickplugins
    < 1.0.94
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-13408HIGH7.5ten sam vendor

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for Word...

CVE-2021-4450HIGH8.8ten sam vendor

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, a...

CVE-2024-44002HIGH7.1ten sam vendor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlug...

CVE-2024-45459HIGH7.1ten sam vendor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlug...

CVE-2024-8253HIGH8.8ten sam vendor

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions ...