Description
WordPress Plugin User Verification is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently log in as any user. WordPress Plugin User Verification version 1.0.93 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.94 or latest
References
https://lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957/
https://sploitus.com/exploit?id=WPEX-ID:1EEE10A8-135F-4B76-8289-C381FF1F51EA
https://plugins.svn.wordpress.org/user-verification/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Events Manager 'events-manager.php' SQL Injection (2.1)
WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)
WordPress Plugin Daily Inspiration Generator Open Redirect (2.0)
WordPress Plugin Consulting Elementor Widgets Local File Inclusion (1.3.0)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253)