GCVE - cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user

Approved changes feed: RSS · Atom

cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user_switching\):*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Wp Buy (`bac512fc-9907-51fc-9474-d80c973070ea`)
Product	Login As User Or Customer (User Switching) (`c4ed33cc-be28-50b6-bd3c-e0fe8278cd1b`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-7247`	vulnerable	2026-06-03 14:54:00.293736	Login as User or Customer <= 3.8 - Admin Account Takeover The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site. Published: 2024-03-11T17:56:06.449Z Updated: 2024-08-11T13:36:09.877Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/ https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-51484`	vulnerable	2026-06-03 14:53:32.298339	WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability CRITICAL (9.8) Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8. Published: 2024-04-25T08:24:43.532Z Updated: 2026-04-28T16:09:02.594Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-4305`	vulnerable	2026-06-03 14:48:35.464098	Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. Published: 2023-01-23T14:31:57.132Z Updated: 2025-04-03T19:19:19.996Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/286d972d-7bda-455c-a226-fd9ce5f925bd	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24195`	vulnerable	2026-06-03 14:43:56.442354	Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. Published: 2021-05-14T11:38:16.000Z Updated: 2024-08-03T19:21:18.812Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Login As User Or Customer (User Switching)

PURL mappings

Vulnerability references

Contribute