CVE-2023-51484
WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.
La vulnerabilidad de autenticación incorrecta en wp-buy Iniciar sesión como usuario o cliente (cambio de usuario) permite Privilege Escalation. Este problema afecta el inicio de sesión como usuario o cliente (cambio de usuario): desde n/a hasta 3.8.
The Login as User or Customer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.8. This makes it possible for unauthenticated attackers to login as another user and escalate their privileges.
*Credits:
Rafie Muhammad (Patchstack)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-20 CVE Reserved
- 2023-12-27 CVE Published
- 2024-04-26 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
- CAPEC-233: Privilege Escalation
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Login As Customer Or User Search vendor "Login As Customer Or User" | Login As Customer Or User Search vendor "Login As Customer Or User" for product "Login As Customer Or User" | >= 0.0 <= 3.8 Search vendor "Login As Customer Or User" for product "Login As Customer Or User" and version " >= 0.0 <= 3.8" | en |
Affected
| ||||||