The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPickplugins User Verification
APPPickplugins< 1.0.94
Related vulnerabilities
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for Word...
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, a...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlug...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlug...
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions ...