CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wp_user_switch_project:wp_user_switch:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:58

Type Values Removed Values Added
References () https://lana.codes/lanavdb/0cfdc5fa-d219-46bb-b8cc-693ac28a9e92/ - () https://lana.codes/lanavdb/0cfdc5fa-d219-46bb-b8cc-693ac28a9e92/ -
References () https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 - Product () https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 - Product
References () https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php - Patch () https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve - Patch, Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve - Patch, Third Party Advisory

13 Jun 2023, 13:15

Type Values Removed Values Added
References
  • (MISC) https://lana.codes/lanavdb/0cfdc5fa-d219-46bb-b8cc-693ac28a9e92/ -

12 Jun 2023, 18:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:wp_user_switch_project:wp_user_switch:*:*:*:*:*:wordpress:*:*
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve - Patch, Third Party Advisory
References (MISC) https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php - (MISC) https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php - Patch
References (MISC) https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 - (MISC) https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 - Product

07 Jun 2023, 20:15

Type Values Removed Values Added
CWE CWE-288
Summary The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username.

06 Jun 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-06 02:15

Updated : 2024-11-21 07:58


NVD link : CVE-2023-2546

Mitre link : CVE-2023-2546

CVE.ORG link : CVE-2023-2546


JSON object : View

Products Affected

wp_user_switch_project

  • wp_user_switch
CWE

No CWE.