CVE-2024-9890

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WordfenceCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
deryck_onateuser_toolkit
𝑥
≤ 1.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/browser/user-toolkit/tags/1.2.3/src/UserSwitch.php#L51
https://plugins.trac.wordpress.org/changeset/3175190/user-toolkit#file5
https://www.wordfence.com/threat-intel/vulnerabilities/id/805f18e2-9a5a-48cf-81f4-825da4bfd8ef?source=cve