Description
WordPress Plugin Login as User or Customer is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Login as User or Customer version 3.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:286D972D-7BDA-455C-A226-FD9CE5F925BD
https://plugins.svn.wordpress.org/login-as-customer-or-user/trunk/readme.txt