CVE-2023-7247

🗓️ 11 Mar 2024 17:56:06Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 69 Views🌐 WEB

The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2023-7247	14 Mar 202415:21	–	circl
CNNVD	WordPress Plugin Login as User or Customer Security Vulnerability	11 Mar 202400:00	–	cnnvd
Cvelist	CVE-2023-7247 Login as User or Customer <= 3.8 - Admin Account Takeover	11 Mar 202417:56	–	cvelist
NVD	CVE-2023-7247	11 Mar 202418:15	–	nvd
OSV	CVE-2023-7247	11 Mar 202418:15	–	osv
Prion	Spoofing	11 Mar 202418:15	–	prion
Positive Technologies	PT-2024-15248 · WordPress · Login As User/Customer	27 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-7247	23 May 202505:29	–	redhatcve
Vulnrichment	CVE-2023-7247 Login as User or Customer <= 3.8 - Admin Account Takeover	11 Mar 202417:56	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)	7 Mar 202416:12	–	wordfence

NVD

Vulners

Vulnrichment

Node

wp-buy login_as_user_or_customer_(user_switching)Range≤3.8wordpress

[
  {
    "vendor": "Unknown",
    "product": "Login as User or Customer",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "3.8"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
drive	www.drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view
wpscan	www.wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/

Parameter	Position	Path	Description	CWE
action	request body	\/wp-admin\/admin-ajax.php	Privilege escalation through admin-ajax action allowing login as another user.	CWE-284

17 Jun 2026 06:52Current

6Medium risk

Vulners AI Score6

CVSS 3.14.9

EPSS0.00636

SSVC