CVE-2022-4693
Published: 23 January 2023
Summary
CVE-2022-4693 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Pickplugins User Verification. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 6.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
The User Verification WordPress plugin before version 1.0.94 contains an authentication bypass vulnerability tracked as CVE-2022-4693. The flaw, assigned CWE-522 and rated 9.8 under CVSS 3.1, allows an unauthenticated remote attacker to bypass login controls simply by supplying a valid username, which is often publicly enumerable on WordPress sites. Successful exploitation can result in the attacker being granted administrative privileges on the affected site.
An attacker requires no credentials or user interaction and can exploit the issue over the network by submitting a known username to the plugin’s verification flow. Because usernames are frequently exposed through author archives, REST API endpoints, or login error messages, an adversary can readily obtain the information needed to assume any role associated with that account, including administrator.
The EPSS score for this CVE has remained at 0.1023 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-52007
Vulnerability details
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is…
more
usually public data, we may even be given an administrative role on the website.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Training instructs users on protecting credentials from disclosure or unauthorized access.
Training records for security awareness and role-based training verify education on credential protection practices, tangibly reducing risks from mishandling or exposing credentials.
Protecting authenticator content from unauthorized disclosure and modification while requiring protective controls addresses insufficiently protected credentials.
Rules of behavior include credential protection and non-sharing requirements, reducing exposure of insufficiently protected credentials.
Terminating or revoking credentials stops use of insufficiently protected or lingering credentials post-termination.
Requiring confidentiality/integrity protection for stored credentials directly mitigates insufficiently protected credentials on disk or in configuration stores.
Credentials or keys delivered out-of-band are not exposed to interception or inadequate protection on the main transport.