3 matches found
CVE-2022-4305
The CVE-2022-4305 entry concerns the WordPress plugin “Login as User or Customer” before version 3.3, which lacks proper authorization checks to prevent logging in as another user. This can allow unauthenticated attackers to obtain a valid admin session, potentially leading to full site compromis...
CVE-2023-7247
CVE-2023-7247 affects the Login as User or Customer WordPress plugin (
CVE-2021-24195
CVE-2021-24195 affects the WordPress plugin Login as User or Customer (User Switching) prior to 1.9. A low-privilege user can call the AJAX action cp_plugins_do_button_job_later_callback to install any plugin (including a specific version) from the WordPress repository and activate arbitrary plug...