CVE-2025-5190 – WordPress Browse As Plugin Authentication Bypass Vulnerability

CVE ID : CVE-2025-5190

Published : May 30, 2025, 12:15 p.m. | 1 hour, 44 minutes ago

Description : The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the ‘IS_BA_Browse_As::notice’ function with the ‘is_ba_original_user_COOKIEHASH’ cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…