CVE-2023-51484: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-51484) affects the WordPress plugin 'Login as User or Customer (User Switching)' versions up to and including 3.8. This security flaw was discovered by Rafie Muhammad and publicly disclosed on December 27, 2023. The vulnerability is classified as an Improper Authentication issue that allows for privilege escalation (WPScan, Patchstack).

The vulnerability is classified as CWE-287 (Improper Authentication) and has received a Critical CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, and can result in high impacts to confidentiality, integrity, and availability. The flaw falls under the OWASP Top 10 category A2: Broken Authentication and Session Management (Patchstack, WPScan).

The vulnerability enables unauthenticated attackers to login as another user and escalate their privileges. If successfully exploited, attackers could potentially gain full control of the website if high privileges are obtained (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects all versions up to and including version 3.8 of the Login as User or Customer plugin (WPScan).