2025-05-30 11:15:10
Wordfence
PUBLISHED
The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the IS_BA_Browse_As::notice function with the is_ba_original_user_COOKIEHASH cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.