4.9
CVE-2023-7247
- EPSS 0.64%
- Published 11.03.2024 18:15:17
- Last modified 01.05.2025 00:07:34
- Source contact@wpscan.com
Login as User or Customer <= 3.8 - Admin Account Takeover
Login as User or Customer <= 3.8 - Unauthenticated Limited Admin Account Compromise
The Login as User or Customer WordPress plugin through 3.8 does not prevent users from logging in as any other user on the site.
Possible mitigation
Login as User or Customer — User Switching: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Data provided by the National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Further vulnerability information
- System: WordPress Plugin
- Product: Login as User or Customer — User Switching
- Version: 3.8
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.456 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing
https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/
https://www.wordfence.com/threat-intel/vulnerabilities/id/2a97f59d-c4b1-4544-8cef-37a01cc6f7ec