VYPR

One Click Login As User

by WordPress

Source repositories

CVEs (1)

  • CVE-2026-5617HigApr 15, 2026
    risk 0.57cvss 8.8epss 0.00

    The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-controlled cookie (oclaup_original_admin) to determine which user to authenticate as,…