Vulnerability Description
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pickplugins | User Verification | < 1.0.94 |
Related Weaknesses (CWE)
References
- https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957 (Exploit, Third Party Advisory)
- https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-4693?
CVE-2022-4693 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose usern...
How severe is CVE-2022-4693?
CVE-2022-4693 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-4693?
Check the references section above for vendor advisories and patch information. Affected products include: Pickplugins User Verification.