Login As User Or Customer (User Switching)

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:wp-buy:login_as_user_or_customer_(user_switching):*:*:*:*:*:*:*:*

part: a version: * update: *

VendorWp Buy (bac512fc-9907-51fc-9474-d80c973070ea)
ProductLogin As User Or Customer (User Switching) (c4ed33cc-be28-50b6-bd3c-e0fe8278cd1b)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-51484 vulnerable 2026-06-03 14:53:32.299249 WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability
CRITICAL (9.8)
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.
Published: 2024-04-25T08:24:43.532Z
Updated: 2026-04-28T16:09:02.594Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24195 vulnerable 2026-06-03 14:43:56.441696 Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
Published: 2021-05-14T11:38:16.000Z
Updated: 2024-08-03T19:21:18.812Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.