exploitDog

CVE-2023-7247

Опубликовано: 11 мар. 2024

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.

Ссылки

https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing
Exploit
https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/
Exploit
Third Party Advisory
https://drive.google.com/file/d/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs/view?usp=sharing
Exploit
https://wpscan.com/vulnerability/96b93253-31d0-4184-94b7-f1e18355d841/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user_switching\):*:*:*:*:*:wordpress:*:*

Версия до 3.8 (включая)

EPSS

Процентиль: 52%

0.00286

Низкий

4.9 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-grpx-32wr-q4c4

CVSS3: 4.9

github

почти 2 года назад

The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.

EPSS

Процентиль: 52%

0.00286

Низкий

4.9 Medium

CVSS3

Дефекты

NVD-CWE-noinfo