Description
WordPress Plugin Login as User or Customer is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently install arbitrary plugins. WordPress Plugin Login as User or Customer version 1.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8 or latest
References
Related Vulnerabilities
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.19)
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)
Oracle Database Server CVE-2006-1866 Vulnerability (CVE-2006-1866)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-28333)
Oracle Database Server Cryptographic Issues Vulnerability (CVE-2006-0270)