CVE-2021-24195

Name of the Vulnerable Software and Affected Versions: Login as User or Customer (User Switching) WordPress plugin versions prior to 1.8

Description: The issue allows low privileged users to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog using the AJAX action 'cp plugins do button job later callback'. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities, such as remote code execution (RCE).

Recommendations: For versions prior to 1.8, update to version 1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'cp plugins do button job later callback' AJAX action to prevent low privileged users from installing and activating arbitrary plugins.