2 matches found
WordPress Login as User plugin <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie vulnerability
Authenticated Subscriber+ Privilege Escalation via 'oclaup_original_admin' Cookie vulnerability discovered by BaroHaf - fpt in WordPress Plugin Login as User versions = 1.0.1...
CVE-2026-5617 Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie, oclaup_original_admin, to determine which user to authenticate as, without any server-side...