VYPR

Account Switcher

by WordPress

CVEs (1)

  • CVE-2026-6456HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose comparison (`!=` instead of `!==`) for secret validation at `app/RestAPI.php:111`,…