CVE-2023-2546

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-2546
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://lana.codes/lanavdb/0cfdc5fa-d219-46bb-b8cc-693ac28a9e92/
https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 Product
https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wp_user_switch_project:wp_user_switch:*:*:*:*:*:wordpress:*:*
History

13 Jun 2023, 13:15

Type Values Removed Values Added
References
  • (MISC) https://lana.codes/lanavdb/0cfdc5fa-d219-46bb-b8cc-693ac28a9e92/ -

12 Jun 2023, 18:40

Type Values Removed Values Added
CPE cpe:2.3:a:wp_user_switch_project:wp_user_switch:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve - Patch, Third Party Advisory
References (MISC) https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php - (MISC) https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php - Patch
References (MISC) https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 - (MISC) https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 - Product

07 Jun 2023, 20:15

Type Values Removed Values Added
Summary The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username.
CWE CWE-288

06 Jun 2023, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-06 02:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-2546

Mitre link : CVE-2023-2546

CVE.ORG link : CVE-2023-2546

JSON object : View

Products Affected

wp_user_switch_project

  • wp_user_switch
CWE

No CWE.