Security for everyone

CVE-2022-4305 Scanner

Detects the 'Privilege Escalation' vulnerability in the Login as User or Customer WordPress plugin, which affects versions < 3.3.


Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

The Login as User or Customer plugin for WordPress allows administrators and authorized users to log in as any other user on the WordPress site. This functionality is designed to help administrators troubleshoot user issues, perform user account management, and provide better support by experiencing the site from the user's perspective. It is particularly useful for e-commerce sites, membership sites, and other WordPress-based platforms where user experience customization and support are critical. The plugin is developed by WP-Buy and is utilized across a wide range of WordPress sites to enhance administrative capabilities and improve user support.

A critical privilege escalation vulnerability was identified in versions of the Login as User or Customer plugin prior to 3.3. This flaw allows unauthenticated attackers to bypass authorization checks and log in as any user, including administrators, without requiring a password. By exploiting this vulnerability, attackers can gain full access to the WordPress dashboard, enabling them to take over the site, alter content, and access sensitive information. The absence of proper authorization checks makes it possible for attackers to compromise the security of the website easily.

The vulnerability exists due to the plugin's lack of adequate authorization checks in the functionality that allows users to log back in as the original user after switching accounts. Specifically, it relies on a predictable and manipulable cookie (`loginas_old_user_id`) for authentication, without verifying the requesting user's permissions. An attacker can craft a request with this cookie set to the user ID of an administrator, thereby gaining unauthorized access to the administrator's session and privileges.
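The flaw described above, modelled as an added example (this is not the plugin's code): the first handler trusts the `loginas_old_user_id` cookie as-is, while the second only accepts a value the server issued and bound to the current session. All function names, the key and the session-token parameters are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed server-side secret; a real site would use a per-site secret salt.
SERVER_KEY = b"constructed-demo-key"
COOKIE = "loginas_old_user_id"

def _parse_uid(text):
    """Return a positive integer user ID, or None for anything else."""
    if text.isascii() and text.isdigit() and int(text) > 0:
        return int(text)
    return None

def switch_back_vulnerable(cookies):
    """Flawed pattern: the cookie value alone decides which account is restored."""
    return _parse_uid(cookies.get(COOKIE, ""))

def _tag(original_uid, session_token):
    # Bind the original user ID to the session created by the switch.
    msg = f"{original_uid}|{session_token}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_switch_cookie(actor_uid, actor_can_switch, new_session_token):
    """Run at switch time: only an authorized actor receives a signed cookie."""
    if not actor_can_switch:
        raise PermissionError("actor may not switch users")
    return f"{actor_uid}.{_tag(actor_uid, new_session_token)}"

def switch_back_hardened(cookies, session_token):
    """Restore the original user only if the server issued this cookie
    for the session that is presenting it."""
    if session_token is None:  # unauthenticated request: nothing to restore
        return None
    uid_text, _, tag = cookies.get(COOKIE, "").partition(".")
    uid = _parse_uid(uid_text)
    if uid is None or not tag:
        return None
    expected = _tag(uid, session_token)
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return uid
```
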

The exploitation of this vulnerability could have severe consequences for the affected WordPress sites. Attackers could gain administrative access, allowing them to modify site content, create malicious accounts, steal sensitive data, and potentially take complete control of the site. This could lead to data breaches, loss of customer trust, and significant damage to the site's reputation and operational integrity.

By using the security scanning services provided by securityforeveryone, you can identify vulnerabilities like the critical privilege escalation flaw in the Login as User or Customer plugin. Our platform offers detailed vulnerability assessments, actionable remediation advice, and continuous monitoring to safeguard your WordPress site against emerging threats. Membership in our platform ensures that your digital assets remain secure, up-to-date, and resilient against cyber-attacks.

 
