The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-01-23T14:31:57.132Z

Updated: 2024-08-03T01:34:50.042Z

Reserved: 2022-12-06T10:55:06.559Z

Link: CVE-2022-4305

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-23T15:15:14.283

Modified: 2024-11-21T07:34:58.757

Link: CVE-2022-4305

cve-icon Redhat

No data.