CVE-2022-4305
Published: 2023-01-23
Priority: P274 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 38.63% (98.4th percentile)
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp-buy | login_as_user_or_customer | < 3.3 | 3.3 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring for unauthenticated GET requests to /wp-admin/admin-ajax.php with action=loginas_return_admin combined with the Cookie header loginas_old_user_id=1
- Confirm successful privilege escalation by checking whether the subsequent GET /wp-admin/users.php returns HTTP 200 with a body containing 'Edit Profile' and 'All Posts', indicating an active admin session was obtained
- Fingerprint vulnerable WordPress installations by searching for the plugin path /wp-content/plugins/login-as-customer-or-user in HTTP response bodies
- The exploit uses a hardcoded user ID of 1 in the cookie (loginas_old_user_id=1), which targets the default WordPress admin account; attackers may vary this value to target other privileged accounts
- The vulnerability affects Login as User or Customer plugin versions before 3.3; version 3.3 contains the fix and should be used as the remediation threshold in detection rules
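As an added example (not from the page's sources or the plugin's own code), a small Python log check that implements the first and fourth points above: it flags GET requests to /wp-admin/admin-ajax.php with action=loginas_return_admin that carry a loginas_old_user_id cookie, matches any user ID rather than only 1, and records whether the client already had a WordPress session. The log format and sample lines are constructed, and the wordpress_logged_in_ cookie prefix is used as the indicator of an existing WordPress session.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in a custom access-log format that records the
# Cookie header (the standard "combined" format does not):
#   <timestamp> <client_ip> "<method> <target>" <status> "<cookie header or ->"
SAMPLE_LOG = """\
2023-01-24T10:00:01Z 203.0.113.7 "GET /wp-admin/admin-ajax.php?action=loginas_return_admin" 302 "loginas_old_user_id=1"
2023-01-24T10:00:02Z 203.0.113.7 "GET /wp-admin/users.php" 200 "wordpress_logged_in_abc=admin%7C..."
2023-01-24T10:05:00Z 198.51.100.9 "GET /wp-admin/admin-ajax.php?action=loginas_return_admin" 302 "wordpress_logged_in_abc=shopmgr%7C...; loginas_old_user_id=3"
2023-01-24T10:06:00Z 192.0.2.4 "GET /wp-admin/admin-ajax.php?action=heartbeat" 200 "-"
2023-01-24T10:07:00Z 203.0.113.8 "GET /wp-admin/admin-ajax.php?action=loginas_return_admin" 302 "loginas_old_user_id=7"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3}) "([^"]*)"$')


def parse_cookies(header):
    """Split a raw Cookie header into a name -> value dict ('-' means no header)."""
    cookies = {}
    if header == "-":
        return cookies
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def classify(line):
    """Return a hit dict for a loginas_return_admin request carrying the
    loginas_old_user_id cookie, or None for anything else / unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _ts, ip, method, target, _status, cookie_hdr = m.groups()
    url = urlsplit(target)
    if method != "GET" or url.path != "/wp-admin/admin-ajax.php":
        return None
    if parse_qs(url.query).get("action") != ["loginas_return_admin"]:
        return None
    cookies = parse_cookies(cookie_hdr)
    if "loginas_old_user_id" not in cookies:  # any ID, not just 1
        return None
    # A wordpress_logged_in_* cookie shows the client already had a session;
    # its absence is the unauthenticated case described in the advisory.
    authenticated = any(k.startswith("wordpress_logged_in_") for k in cookies)
    return {"ip": ip, "user_id": cookies["loginas_old_user_id"], "authenticated": authenticated}


def find_exploit_attempts(log_text):
    """All matching requests; unauthenticated ones are the high-confidence hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

Requests that reach this endpoint with the cookie but no WordPress session are the ones to alert on first; the authenticated hits are worth reviewing against plugin version (fixed in 3.3) before dismissing.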
No detection rules found.
Nuclei template: CVE-2022-4305 [CRITICAL] Login as User or Customer < 3.3 - Privilege Escalation (CVSS 9.8)
The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
Template:

```yaml
id: CVE-2022-4305
info:
  name: Login as User or Customer < 3.3 - Privilege Escalation
  author: r3Y3r53
  severity: critical
  description: |
    The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
  impact: |
    Unauthenticated attackers can obtain valid admin sessions by exploiting missing authorization checks in the Login as User or Customer plugin, potentially gaining complete control over the WordPress site and all user accounts.
  remediation:
```