cbcvebase.

Wp-Buy Login As User Or Customer vulnerabilities

4 known vulnerabilities affecting wp-buy/login_as_user_or_customer.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-4305P2CRITICALCVSS 9.8PoCfixed in 3.32023-01-23
CVE-2022-4305 [CRITICAL] CWE-269 CVE-2022-4305: The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
nvd
CVE-2023-51484P3CRITICALCVSS 9.8≥ n/a, ≤ 3.82024-04-25
CVE-2023-51484 [CRITICAL] CWE-287 CVE-2023-51484: Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Pr Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.
nvd
CVE-2021-24195P3HIGHCVSS 8.8fixed in 1.8≥ 1.8, < 1.82021-05-14
CVE-2021-24195 [HIGH] CWE-285 CVE-2021-24195: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins an
nvd
CVE-2023-7247P4MEDIUMCVSS 4.9≤ 3.82024-03-11
CVE-2023-7247 [MEDIUM] CWE-269 CVE-2023-7247: The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any o The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
nvd
Wp-Buy Login As User Or Customer vulnerabilities | cvebase