CVE-2023-51484 – WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability

https://notcve.org/view.php?id=CVE-2023-51484

Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8. La vulnerabilidad de autenticación incorrecta en wp-buy Iniciar sesión como usuario o cliente (cambio de usuario) permite Privilege Escalation. Este problema afecta el inicio de sesión como usuario o cliente (cambio de usuario): desde n/a hasta 3.8. The Login as User or Customer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.8. This makes it possible for unauthenticated attackers to login as another user and escalate their privileges. • https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-287: Improper Authentication •