Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:2EF5169D-D7AD-4269-8232-C38B39BB13D2
HistoryJun 04, 2023 - 12:00 a.m.

WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass

2023-06-0400:00:00
wpscan.com
8
wp user switch
subscriber
authentication .

0.001 Low

EPSS

Percentile

47.0%

JSON

The plugin does not properly verify the ‘wpus_who_switch’ cookie value, which allows attackers with low-privilege accounts like Subscribers to bypass authentication and login as any other existing user.

PoC

Log-in as a subscriber onto the affected site. Run the following JS script in your browser’s console: document.cookie = 'wpus_who_switch=simpleadmin' Refresh the page, and notice you can now switch to any other user’s account via the newly added “User Switch” toggle on the top WordPress Admin bar.

CPENameOperatorVersion
wp-user-switchlt1.0.3

Related

cve 1
prion 1
nvd 1
wpexploit 1
cvelist 1
wordfence 2
cve
cve
CVE-2023-2546
2023-06-06 02:15:09
prion
prion
Authentication flaw
2023-06-06 02:15:00
nvd
nvd
CVE-2023-2546
2023-06-06 02:15:09
wpexploit
wpexploit
WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass
2023-06-04 00:00:00
cvelist
cvelist
CVE-2023-2546
2023-06-06 01:55:07
wordfence
wordfence
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)
2023-06-08 13:39:51

0.001 Low

EPSS

Percentile

47.0%

JSON
Related for WPVDB-ID:2EF5169D-D7AD-4269-8232-C38B39BB13D2
cve1prion1nvd1wpexploit1cvelist1wordfence2