WordPress · Firebase Support & Chat Management · CVE-2026-8787
**Name of the Vulnerable Software and Affected Versions**
Firebase Support & Chat Management plugin for WordPress versions prior to 3.1.2
**Description**
An issue allows authenticated attackers with Subscriber-level access or higher to escalate privileges and achieve full account takeover. The `firebase auth()` function authenticates requests based on the email provided in the `user email` POST parameter without verifying the ownership of that email, as it fails to validate the Firebase ID token signature, issuer, or audience. By submitting a target user's email address to the `acb firebase auth` AJAX action, an attacker can log in as any existing user, including an Administrator.
**Recommendations**
Update to a version later than 3.1.1.
As a temporary workaround, restrict access to the `acb firebase auth` AJAX action or avoid using the `user email` parameter until the update is applied.
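The checks the description lists as missing (signature, issuer, audience) can be sketched as follows. This is an added example, not the plugin's code or its patch: `PROJECT_ID` and every function name are assumptions, and a locally generated RSA key stands in for the provider's published signing keys so the sample runs offline. The expiry and `email_verified` checks go beyond the three the description names. The login identity is taken from the verified token claims, never from a request parameter.

```php
<?php
// Added example, not the plugin's code. PROJECT_ID and all function names are assumptions.
const PROJECT_ID = 'example-project'; // placeholder Firebase project id
function b64url_decode(string $s): string {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true) ?: '';
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the email asserted by a valid token, or null if any check fails.
function verified_email(string $jwt, array $keysByKid, int $now): ?string {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($header) || !is_array($claims)) return null;
    if (($header['alg'] ?? null) !== 'RS256') return null;         // pin the algorithm
    $kid = $header['kid'] ?? null;
    if (!is_string($kid) || !isset($keysByKid[$kid])) return null; // unknown signing key
    if (openssl_verify("$h.$p", b64url_decode($s), $keysByKid[$kid], OPENSSL_ALGO_SHA256) !== 1) return null;
    if (($claims['iss'] ?? null) !== 'https://securetoken.google.com/' . PROJECT_ID) return null;
    if (($claims['aud'] ?? null) !== PROJECT_ID) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    if (($claims['email_verified'] ?? false) !== true) return null;
    return is_string($claims['email'] ?? null) ? $claims['email'] : null;
}

// Constructed demo data: a locally generated key stands in for the provider's signing key.
function demo_token(array $claims, $priv): string {
    $h = b64url_encode(json_encode(['alg' => 'RS256', 'kid' => 'k1']));
    $p = b64url_encode(json_encode($claims));
    openssl_sign("$h.$p", $sig, $priv, OPENSSL_ALGO_SHA256);
    return "$h.$p." . b64url_encode($sig);
}
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$keys = ['k1' => openssl_pkey_get_details($priv)['key']];
$now  = time();
$base = ['iss' => 'https://securetoken.google.com/' . PROJECT_ID, 'aud' => PROJECT_ID,
         'exp' => $now + 300, 'email' => 'subscriber@example.test', 'email_verified' => true];
$good = demo_token($base, $priv);
[$h, , $s] = explode('.', $good);
$cases = [
    'valid token'      => $good,
    'wrong audience'   => demo_token(['aud' => 'other-project'] + $base, $priv),
    'payload tampered' => "$h." . b64url_encode(json_encode(['email' => 'admin@example.test'] + $base)) . ".$s",
];
foreach ($cases as $name => $token)
    echo $name, ' => ', var_export(verified_email($token, $keys, $now), true), PHP_EOL;
```

In a real deployment the key map would be loaded from the provider's published signing certificates and cached, and a production check would also validate the remaining standard claims such as `iat` and `sub`.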