CVE-2023-7247

🗓️ 11 Mar 2024 17:56:06Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 66 Views🌐 WEB

The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-7247	14 Mar 202415:21	–	circl
CNNVD	WordPress Plugin Login as User or Customer Security Vulnerability	11 Mar 202400:00	–	cnnvd
Cvelist	CVE-2023-7247 Login as User or Customer <= 3.8 - Admin Account Takeover	11 Mar 202417:56	–	cvelist
NVD	CVE-2023-7247	11 Mar 202418:15	–	nvd
Prion	Spoofing	11 Mar 202418:15	–	prion
Positive Technologies	PT-2024-15248 · WordPress · Login As User/Customer	27 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-7247	23 May 202505:29	–	redhatcve
Vulnrichment	CVE-2023-7247 Login as User or Customer <= 3.8 - Admin Account Takeover	11 Mar 202417:56	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)	7 Mar 202416:12	–	wordfence
wpexploit	Login as User or Customer <= 3.8 - Admin Account Takeover	17 Feb 202400:00	–	wpexploit

NVD

Vulners

Vulnrichment

Node

wp-buy login_as_user_or_customer_(user_switching)Range≤3.8wordpress

[
  {
    "vendor": "Unknown",
    "product": "Login as User or Customer",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "3.8"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/
drive	www.drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view

Parameter	Position	Path	Description	CWE
action	request body	example.com/wp-admin/admin-ajax.php	Endpoint used to perform login-as actions without proper authorization in the described PoC.

01 May 2025 00:07Current

6Medium risk

Vulners AI Score6

CVSS 3.14.9

EPSS0.00286

SSVC