Description
WordPress Plugin Login as User or Customer is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently install arbitrary plugins. WordPress Plugin Login as User or Customer version 1.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8 or latest
References
Related Vulnerabilities
Envoy Proxy Reachable Assertion Vulnerability (CVE-2022-29228)
PostgreSQL Untrusted Search Path Vulnerability (CVE-2020-14350)
MySQL CVE-2019-2592 Vulnerability (CVE-2019-2592)
WordPress Plugin Bulk change of posts terms and post types Cross-Site Scripting (1.0)
WordPress Plugin Popup by Supsystic Cross-Site Request Forgery (1.7.8)