CVE Published: 14/05/2021 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: WPScan |
Vendor: wp-buy |
Product: Login as User or Customer (User Switching) Status : PUBLISHED
CVE-2021-24195 Description
Low privileged users can use the AJAX action \'cp_plugins_do_button_job_later_callback\' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.