CVE-2022-4693

moderate-risk

Published 2023-01-23

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

Do I need to act?

10.2% chance of exploitation in next 30 days

EPSS score — higher than 90% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

User Verification

Affected Vendors

Pickplugins

References (4)

Exploit https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

Exploit https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea

Exploit https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

Exploit https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 11/34 · Low

Exposure 5/34 · Minimal