Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for login_as_user_or_customer_\(user_switching\) by wp-buy

    CVE-2023-7247 (GCVE-0-2023-7247)

    Vulnerability from nvd – Published: 2024-03-11 17:56 – Updated: 2024-08-11 13:36
    VLAI
    Title
    Login as User or Customer <= 3.8 - Admin Account Takeover
    Summary
    The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Login as User or Customer Affected: 0 , ≤ 3.8 (semver)
    Create a notification for this product.
    wp-buy login_as_user_or_customer_\(user_switching\) Affected: 0 , ≤ 3.8 (semver)
        cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user_switching\):*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wp-buy:login_as_user_or_customer_\\(user_switching\\):*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "affected",
                "product": "login_as_user_or_customer_\\(user_switching\\)",
                "vendor": "wp-buy",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7247",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:22:20.836501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-11T13:36:09.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "affected",
              "product": "Login as User or Customer",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "3.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-11T18:08:58.602Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/"
            },
            {
              "url": "https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Login as User or Customer \u003c= 3.8 - Admin Account Takeover",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-7247",
        "datePublished": "2024-03-11T17:56:06.449Z",
        "dateReserved": "2024-02-14T11:59:45.624Z",
        "dateUpdated": "2024-08-11T13:36:09.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4305 (GCVE-0-2022-4305)

    Vulnerability from nvd – Published: 2023-01-23 14:31 – Updated: 2025-04-03 19:19
    VLAI
    Title
    Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
    Summary
    The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/286d972d-7bda-45… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Login as User or Customer Affected: 0 , < 3.3 (custom)
    Create a notification for this product.
    Credits
    David WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:34:50.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4305",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T14:48:51.680800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:19:19.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Login as User or Customer",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-23T14:31:57.132Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Login as User or Customer \u003c 3.3 - Unauthenticated Privilege Escalation to Admin",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-4305",
        "datePublished": "2023-01-23T14:31:57.132Z",
        "dateReserved": "2022-12-06T10:55:06.559Z",
        "dateUpdated": "2025-04-03T19:19:19.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24195 (GCVE-0-2021-24195)

    Vulnerability from nvd – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:21
    VLAI
    Title
    Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
    Summary
    Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Credits
    Bugbang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:18.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Login as User or Customer (User Switching)",
              "vendor": "wp-buy",
              "versions": [
                {
                  "lessThan": "1.8",
                  "status": "affected",
                  "version": "1.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bugbang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-14T11:38:16.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Login as User or Customer (User Switching) \u003c 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24195",
              "STATE": "PUBLIC",
              "TITLE": "Login as User or Customer (User Switching) \u003c 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Login as User or Customer (User Switching)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.8",
                                "version_value": "1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "wp-buy"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bugbang"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24195",
        "datePublished": "2021-05-14T11:38:16.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:18.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-7247 (GCVE-0-2023-7247)

    Vulnerability from cvelistv5 – Published: 2024-03-11 17:56 – Updated: 2024-08-11 13:36
    VLAI
    Title
    Login as User or Customer <= 3.8 - Admin Account Takeover
    Summary
    The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Login as User or Customer Affected: 0 , ≤ 3.8 (semver)
    Create a notification for this product.
    wp-buy login_as_user_or_customer_\(user_switching\) Affected: 0 , ≤ 3.8 (semver)
        cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user_switching\):*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wp-buy:login_as_user_or_customer_\\(user_switching\\):*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "affected",
                "product": "login_as_user_or_customer_\\(user_switching\\)",
                "vendor": "wp-buy",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7247",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:22:20.836501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-11T13:36:09.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "affected",
              "product": "Login as User or Customer",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "3.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-11T18:08:58.602Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/"
            },
            {
              "url": "https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Login as User or Customer \u003c= 3.8 - Admin Account Takeover",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-7247",
        "datePublished": "2024-03-11T17:56:06.449Z",
        "dateReserved": "2024-02-14T11:59:45.624Z",
        "dateUpdated": "2024-08-11T13:36:09.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4305 (GCVE-0-2022-4305)

    Vulnerability from cvelistv5 – Published: 2023-01-23 14:31 – Updated: 2025-04-03 19:19
    VLAI
    Title
    Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
    Summary
    The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/286d972d-7bda-45… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Login as User or Customer Affected: 0 , < 3.3 (custom)
    Create a notification for this product.
    Credits
    David WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:34:50.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4305",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T14:48:51.680800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:19:19.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Login as User or Customer",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-23T14:31:57.132Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Login as User or Customer \u003c 3.3 - Unauthenticated Privilege Escalation to Admin",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-4305",
        "datePublished": "2023-01-23T14:31:57.132Z",
        "dateReserved": "2022-12-06T10:55:06.559Z",
        "dateUpdated": "2025-04-03T19:19:19.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24195 (GCVE-0-2021-24195)

    Vulnerability from cvelistv5 – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:21
    VLAI
    Title
    Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
    Summary
    Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Credits
    Bugbang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:18.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Login as User or Customer (User Switching)",
              "vendor": "wp-buy",
              "versions": [
                {
                  "lessThan": "1.8",
                  "status": "affected",
                  "version": "1.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bugbang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-14T11:38:16.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Login as User or Customer (User Switching) \u003c 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24195",
              "STATE": "PUBLIC",
              "TITLE": "Login as User or Customer (User Switching) \u003c 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Login as User or Customer (User Switching)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.8",
                                "version_value": "1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "wp-buy"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bugbang"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24195",
        "datePublished": "2021-05-14T11:38:16.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:18.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }