The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-01-23T14:31:57.132Z
Updated: 2024-08-03T01:34:50.042Z
Reserved: 2022-12-06T10:55:06.559Z
Link: CVE-2022-4305
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-23T15:15:14.283
Modified: 2024-11-21T07:34:58.757
Link: CVE-2022-4305
Redhat
No data.