CVE Vulnerabilities

CVE-2025-5190

Authentication Bypass Using an Alternate Path or Channel

Published: May 30, 2025 | Modified: May 30, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the IS_BA_Browse_As::notice function with the is_ba_original_user_COOKIEHASH cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Potential Mitigations

References