EUVD-2024-36759

Malicious code in bioql PyPI...

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

CVE-2024-37560

Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0...

CVE-2024-37560

Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0...

CVE-2024-37560

CVE-2024-37560 is an improper privilege management vulnerability in the WP User Switch WordPress plugin (affecting versions from n/a through 1.1.0). The issue enables privilege escalation within the plugin. Public exploit details are not provided in the documents. The CVE entry notes this vulnera...

WordPress plugin WP User Switch security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

VulnCheck KEV: CVE-2024-37560

Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0...

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

CVE-2023-2546

CVE-2023-2546 affects the WordPress plugin WP User Switch. Vulnerability arises from incorrect authentication in wpus_allow_user_to_admin_bar_menu that uses the wpus_who_switch cookie, allowing an authenticated user with subscriber-level permissions or higher to impersonate any existing user (e.g...

CVE-2023-2546 WP User Switch <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass

The plugin does not properly verify the 'wpuswhoswitch' cookie value, which allows attackers with low-privilege accounts like Subscribers to bypass authentication and login as any other existing user. PoC Log-in as a subscriber onto the affected site. Run the following JS script in your browser's...