CVE-2023-2546

Published: 06/06/2023 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wp user switch project wp user switch

Hướng Dẫn Xây Dựng Môi Trường Khai Thác Lỗ Hổng CVE Trên Wordpress Hướng dẫn này giúp triển khai môi trường nhằm khai thác thành công ba lỗ hổng CVE lần lượt là CVE-2023-2546, CVE-2023-3460, CVE-2023-4596 tồn tại trên các Plugin WP User Switch 102, Ultim

https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33 https://lana.codes/lanavdb/0cfdc5fa-d219-46bb-b8cc-693ac28a9e92/https://nvd.nist.gov https://github.com/LUUANHDUC/KhaiThacLoHongPhanMem

CVE-2023-2546

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect