CRITICAL🇵🇱 Wersja polska

CVE-2022-4693

CVSS 9.8v3.1pub. 2023-01-23upd. 2025-04-02

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pickplugins User Verification

    APP
    Pickplugins
    < 1.0.94
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-13408HIGH7.5ten sam vendor

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for Word...

CVE-2021-4450HIGH8.8ten sam vendor

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, a...

CVE-2024-44002HIGH7.1ten sam vendor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlug...

CVE-2024-45459HIGH7.1ten sam vendor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlug...

CVE-2024-8253HIGH8.8ten sam vendor

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions ...