CVE-2022-4693

CRITICAL

User Verification WordPress <1.0.94 - Auth Bypass

Title source: llm

Description

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

References (2)

[Exploit, Third Party Advisory] https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/1eee10a8-135f-4b76-8289-c381ff1f51ea

Scores

CVSS v3 9.8

EPSS 0.1023

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

pickplugins/user_verification < 1.0.94

Timeline

Published Jan 23, 2023

Tracked Since Feb 18, 2026