Description: what the vulnerability does
The Browse As plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.2. The cause is incorrect authentication checking in the 'IS_BA_Browse_As::notice' function, which trusts the value of the 'is_ba_original_user_COOKIEHASH' cookie. This makes it possible for authenticated attackers with subscriber-level permissions or above to log in as any existing user on the site, including an administrator, provided they know that user's ID.
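The kind of check a "return to original user" cookie needs before it is allowed to change the logged-in user, as an added example that is not the Browse As plugin's own code. The cookie name, the TTL, the 'manage_options' capability and the payload layout are assumptions made here; wp_hash, get_userdata, WP_User::has_cap, COOKIEHASH and HOUR_IN_SECONDS are WordPress core, and hash_equals is PHP.

```php
<?php
// Hypothetical hardened "original user" cookie handling for a browse-as style
// feature. Added example, not the Browse As plugin's code. Assumes WordPress
// core is loaded; the cookie name, TTL, capability and payload format below
// are assumptions chosen for this example.

define( 'BA_EXAMPLE_COOKIE', 'ba_example_original_user_' . COOKIEHASH );
define( 'BA_EXAMPLE_TTL', 2 * HOUR_IN_SECONDS );

/**
 * Build the cookie value when an authorised user starts browsing as $target_id.
 * wp_hash() keys the MAC with the site's AUTH_KEY/AUTH_SALT, so the value binds
 * the original user, the target user and an expiry to this installation.
 */
function ba_example_make_cookie( int $original_id, int $target_id ): string {
    $expires = time() + BA_EXAMPLE_TTL;
    $payload = "$original_id|$target_id|$expires";
    $mac     = wp_hash( $payload, 'auth' );
    return "$payload|$mac";
}

/**
 * Validate the cookie and return the original user's ID, or 0 if it must not
 * be trusted. $current_id is the user currently logged in (the one being
 * browsed as). Every failure path returns 0 rather than falling through.
 */
function ba_example_original_user_from_cookie( string $cookie, int $current_id ): int {
    $parts = explode( '|', $cookie );
    if ( count( $parts ) !== 4 ) {
        return 0;
    }
    list( $original_id, $target_id, $expires, $mac ) = $parts;
    $payload = "$original_id|$target_id|$expires";
    // Constant-time comparison of the MAC; a bare user ID in the cookie, or a
    // plain == comparison, would let any logged-in user pick the account.
    if ( ! hash_equals( wp_hash( $payload, 'auth' ), $mac ) ) {
        return 0;
    }
    if ( (int) $expires < time() || (int) $target_id !== $current_id ) {
        return 0;
    }
    $original = get_userdata( (int) $original_id );
    // Re-check the ORIGINAL user's capability: a valid MAC proves the cookie
    // was issued by this site, not that its holder may impersonate anyone now.
    if ( ! $original || ! $original->has_cap( 'manage_options' ) ) {
        return 0;
    }
    return (int) $original_id;
}
```

Only after this function returns a non-zero ID should the caller switch the session back, and it should still do so through WordPress's own login/session functions rather than by setting the user directly.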
Summary: the vulnerability in simple terms
Browse As versions 0.2 and earlier contain an authentication bypass vulnerability. An attacker holding a low-privilege account can read, modify, or delete sensitive data and disrupt site operations. Exploitation requires network access to the site but no user interaction. Sites running affected versions should update immediately.
Attacker capabilities: what an attacker can do
Read, modify, or delete sensitive data; disrupt site availability.
Site impact: potential impact on your site
Unauthorized data access, modification, or deletion; potential service disruption.
Prerequisites: conditions required to exploit
Low-level user account on the site; network access.
Disclosure timeline: key dates
May 30, 2025: CVE published
April 8, 2026: Record updated