CVE-2025-14440

The JAY Login · Multiple Products

Executive summary

A critical authentication bypass vulnerability has been identified in The JAY Login & Register plugin for WordPress. This flaw allows an unauthenticated attacker to log in as any user, including administrators, without a password, provided they know the target user's ID. Successful exploitation could lead to a complete compromise of the affected website, resulting in data theft, defacement, or further attacks.

Vulnerability

The vulnerability lies in the plugin's jay_login_register_process_switch_back function, which processes the cookie of the same name. The function does not properly verify that the request is authenticated before acting on that cookie, so an unauthenticated attacker who supplies a valid user ID can bypass the normal authentication checks and log in to that account on the WordPress site.

Business impact

This vulnerability is rated as critical with a CVSS score of 9.8. Successful exploitation grants an attacker the same privileges as the user they impersonate. If an administrator account is compromised, the attacker gains full control over the WordPress site, enabling them to steal sensitive data, install malware, deface the website, or use the compromised site to launch further attacks against the organization or its visitors. This poses a severe risk of significant financial loss, reputational damage, and regulatory penalties.

Remediation

Immediate Action: Update The JAY Login plugin to a version higher than 2.4.01, which patches the vulnerability. After updating, review all user accounts, especially administrator accounts, for any signs of unauthorized access or changes. Carefully examine server access logs for suspicious login activity that occurred before the patch was applied.

Proactive Monitoring: Monitor web server and application logs for requests that reference the jay_login_register_process_switch_back function or cookie. Implement alerts for unusual login events, and for successful logins from unknown IP addresses, particularly on privileged accounts. Regularly audit user roles and permissions to ensure they follow the principle of least privilege.
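As an added illustration of the monitoring step above (example code, not part of the advisory or the plugin), a small Python scanner that flags access-log entries carrying the switch-back indicator as a cookie or query parameter and rates them higher when no WordPress login cookie accompanies the request. It assumes an Apache "combined" log with the Cookie header appended as a final quoted field; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicator named in the advisory: the plugin's switch-back cookie / handler.
INDICATOR = "jay_login_register_process_switch_back"

# Assumed log format: Apache "combined" plus the Cookie header as a final quoted
# field ('%{Cookie}i'). Adjust the regex to the server's own LogFormat.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookies>[^"]*)"$'
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["cookie_map"] = dict(
        kv.strip().split("=", 1) for kv in rec["cookies"].split(";") if "=" in kv
    )
    rec["query"] = parse_qs(urlsplit(rec["target"]).query)
    return rec

def find_switch_back_attempts(lines):
    """Flag requests carrying the switch-back indicator as a cookie or query
    parameter. Severity is 'high' when no WordPress auth cookie is present,
    which is the unauthenticated path the advisory describes."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        vectors = [name for name, store in (("cookie", rec["cookie_map"]),
                                            ("query", rec["query"])) if INDICATOR in store]
        if not vectors:
            continue
        authenticated = any(k.startswith("wordpress_logged_in_") for k in rec["cookie_map"])
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "target": rec["target"],
                         "vectors": vectors, "severity": "medium" if authenticated else "high"})
    return findings

# Constructed sample lines (not real traffic): a benign page view, an
# unauthenticated switch-back request, and a switch-back from a logged-in session.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2025:10:01:02 +0000] "GET /blog/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0" "-"',
    '198.51.100.9 - - [12/May/2025:10:02:15 +0000] "GET /?jay_login_register_process_switch_back=1 HTTP/1.1" 302 0 "-" "curl/8.0" "jay_login_register_process_switch_back=1"',
    '192.0.2.44 - - [12/May/2025:10:03:40 +0000] "GET /wp-admin/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0" "wordpress_logged_in_abc=alice%7C1; jay_login_register_process_switch_back=1"',
]

if __name__ == "__main__":
    for finding in find_switch_back_attempts(SAMPLE_LOG):
        print(finding)
```

Feed it the real access log (one line per list element) and route "high" findings to an alert; "medium" hits from logged-in sessions are worth reviewing but are consistent with legitimate use of the plugin's switch-back feature.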

Compensating Controls: If immediate patching is not feasible, consider the following actions:

  • Temporarily disable The JAY Login plugin until it can be safely updated.
  • Deploy a Web Application Firewall (WAF) with rules specifically designed to block malicious requests targeting this vulnerability.
  • Restrict access to the WordPress login and administration pages (wp-login.php and /wp-admin/) to trusted IP addresses only.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the critical severity (CVSS 9.8) and the high likelihood of exploitation, immediate action is required. Organizations using the affected plugin must prioritize applying the vendor-supplied patch without delay. Given the risk of a full site compromise, it is crucial to assume that vulnerable, internet-facing systems may have been compromised and to perform a thorough security audit for any signs of unauthorized activity.