ID

VAR-202301-1869


CVE

CVE-2022-4305


TITLE

Login as User or Customer WordPress Plugin management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-006085

DESCRIPTION

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that a user is allowed to log in as another user, which could allow unauthenticated attackers to obtain a valid admin session. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-4305 // JVNDB: JVNDB-2022-006085 // VULHUB: VHN-447204 // VULMON: CVE-2022-4305

AFFECTED PRODUCTS

vendor: wp buy, model: login as user or customer, scope: lt, version: 3.3

Trust: 1.0

vendor: wp buy, model: login as user or customer, scope: eq, version: 3.3

Trust: 0.8

vendor: wp buy, model: login as user or customer, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-006085 // NVD: CVE-2022-4305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-4305
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-4305
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-4305
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202301-1725
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-4305
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-4305
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-006085 // CNNVD: CNNVD-202301-1725 // NVD: CVE-2022-4305 // NVD: CVE-2022-4305

PROBLEMTYPE DATA

problemtype: Improper authority management (CWE-269) [others]

Trust: 0.8

problemtype: CWE-269

Trust: 0.1

sources: VULHUB: VHN-447204 // JVNDB: JVNDB-2022-006085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1725

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1725

PATCH

title: Login as User or Customer, url: https://wordpress.org/plugins/login-as-customer-or-user/

Trust: 0.8

title: WordPress plugin The Login as User or Customer Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=223331

Trust: 0.6

sources: JVNDB: JVNDB-2022-006085 // CNNVD: CNNVD-202301-1725

EXTERNAL IDS

db: NVD, id: CVE-2022-4305

Trust: 3.4

db: JVNDB, id: JVNDB-2022-006085

Trust: 0.8

db: CNNVD, id: CNNVD-202301-1725

Trust: 0.6

db: VULHUB, id: VHN-447204

Trust: 0.1

db: VULMON, id: CVE-2022-4305

Trust: 0.1

sources: VULHUB: VHN-447204 // VULMON: CVE-2022-4305 // JVNDB: JVNDB-2022-006085 // CNNVD: CNNVD-202301-1725 // NVD: CVE-2022-4305

REFERENCES

url:https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-4305

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-4305/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-447204 // VULMON: CVE-2022-4305 // JVNDB: JVNDB-2022-006085 // CNNVD: CNNVD-202301-1725 // NVD: CVE-2022-4305

SOURCES

db: VULHUB, id: VHN-447204
db: VULMON, id: CVE-2022-4305
db: JVNDB, id: JVNDB-2022-006085
db: CNNVD, id: CNNVD-202301-1725
db: NVD, id: CVE-2022-4305

LAST UPDATE DATE

2025-04-05T01:49:46.294000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-447204, date: 2023-01-30T00:00:00
db: VULMON, id: CVE-2022-4305, date: 2023-01-23T00:00:00
db: JVNDB, id: JVNDB-2022-006085, date: 2023-06-29T04:50:00
db: CNNVD, id: CNNVD-202301-1725, date: 2023-02-01T00:00:00
db: NVD, id: CVE-2022-4305, date: 2025-04-03T20:15:18.120

SOURCES RELEASE DATE

db: VULHUB, id: VHN-447204, date: 2023-01-23T00:00:00
db: VULMON, id: CVE-2022-4305, date: 2023-01-23T00:00:00
db: JVNDB, id: JVNDB-2022-006085, date: 2023-06-29T00:00:00
db: CNNVD, id: CNNVD-202301-1725, date: 2023-01-23T00:00:00
db: NVD, id: CVE-2022-4305, date: 2023-01-23T15:15:14.283