Vulnerability in Login As User Or Customer

CVE-2022-4305

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that a user is allowed to log in as another user, which could allow unauthenticated attackers to obtain a valid admin session.

EPSS: 0.831 (99.3rd percentile).

Affected products

  • Unknown Login As User Or Customer — versions 0

Frequently asked questions

What is CVE-2022-4305?
CVE-2022-4305 is a vulnerability in Login As User Or Customer, classified under CWE-269 (Improper Privilege Management). Published 2023-01-23.
Is CVE-2022-4305 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.