Wp-Buy: >> Login As User Or Customer (User Switching) >> 1.9 Security Vulnerabilities
The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
CVSS Score
4.9
EPSS Score
0.003
Published
2024-03-11
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
CVSS Score
9.8
EPSS Score
0.889
Published
2023-01-23