CVE-2023-2546

Name of the Vulnerable Software and Affected Versions WP User Switch plugin for WordPress versions up to, and including, 1.0.2

Description The issue is due to incorrect authentication checking in the wpus allow user to admin bar menu function with the wpus who switch cookie value. This allows attackers with access to a username to log in as any existing user on the site, including administrators. The attackers need to have subscriber-level permissions or above to exploit this issue.

Recommendations For WP User Switch plugin for WordPress versions up to, and including, 1.0.2, consider disabling the wpus allow user to admin bar menu function until a patch is available. Restrict access to the wpus who switch cookie value to minimize the risk of exploitation. Avoid using the wpus who switch cookie value in authentication processes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.