CVE-2024-37560
published 2024-07-12CVE-2024-37560: Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.
PriorityP276high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.37%
28.4th percentile
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iqbalrony | wp_user_switch | n/a – 1.1.0 | — |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
vulncheck8.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qjjp-x73m-9gv4: Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation
ghsa_unreviewed·2024-07-12
CVE-2024-37560 [HIGH] CWE-269 GHSA-qjjp-x73m-9gv4: Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.
VulnCheck
WP User Switch Plugin Privilege Escalation
vulncheck·2024·CVSS 8.0
CVE-2024-37560 [HIGH] WP User Switch Plugin Privilege Escalation
WP User Switch Plugin Privilege Escalation
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.
Affected: IqbalRony WP User Switch
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/wp-user-switch/vulnerability/wordpress-wp-user-switch-plugin-1-0-5-privilege-escalation-vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-12
Published
Exploited in the wild