CVE ID : CVE-2025-5190
Published : May 30, 2025, 12:15 p.m. | 1 hour, 22 minutes ago
Description : The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the ‘IS_BA_Browse_As::notice’ function with the ‘is_ba_original_user_COOKIEHASH’ cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More
