CVE-2023-51484
WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Incorrect Privilege Assignment vulnerability in wp-buy Login as User or Customer (User Switching) login-as-customer-or-user allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through <= 3.8.
| CWE | CWE-266 |
| Vendor | wp-buy |
| Product | login as user or customer (user switching) |
| Published | Apr 25, 2024 |
| Last Updated | Apr 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for wp-buy login as user or customer (user switching)
Be the first to know when new critical vulnerabilities affecting wp-buy login as user or customer (user switching) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
wp-buy / Login as User or Customer (User Switching)
0 โค 3.8
References
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/login-as-customer-or-user/vulnerability/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve
Credits
Rafie Muhammad | Patchstack Bug Bounty Program