Login As User Or Customer (user Switching)

login_as_user_or_customer_(user_switching)

Vendor: Wp Buy • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-7247 1Wp Buy 1Login As User Or Customer (user Switching) May 1, 2025 Mar 11, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
CVE-2022-4305 1Wp Buy 1Login As User Or Customer (user Switching) Apr 3, 2025 Jan 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
CVE-2021-24195 1Wp Buy 1Login As User Or Customer (user Switching) Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) f...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less