CVE-2022-4305

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wp-buylogin_as_user_or_customer_\(user_switching\)
𝑥
< 3.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd
https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd