The Login as User or Customer WordPress plugin before 3.3...
Critical severity
Unreviewed
Published
Jan 23, 2023
to the GitHub Advisory Database
•
Updated Feb 7, 2023
Description
Published by the National Vulnerability Database
Jan 23, 2023
Published to the GitHub Advisory Database
Jan 23, 2023
Last updated
Feb 7, 2023
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
References