CVE-2025-5190

WordPress · Browse As plugin

The Browse As plugin for WordPress is vulnerable to an authentication bypass that allows attackers to impersonate other users by forging cookie values.

Executive summary

The Browse As plugin for WordPress versions up to and including 0.2 contains an authentication bypass vulnerability that permits attackers to impersonate any user, including administrators.

Vulnerability

This authentication bypass is caused by incorrect validation of the is_ba_original_user_COOKIEHASH cookie. An authenticated attacker with subscriber-level access can forge this cookie with a target user's ID to impersonate them.
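The cookie-validation flaw described above, modelled as an added example (this is not the plugin's code and not its actual fix, which this page does not show): a cookie holding a bare user ID is trusted as-is, next to a hardened form that accepts the ID only with an HMAC bound to the session it was set in. The function names, the key, the `id|mac` layout and the session tokens are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo values; not taken from the plugin or any real site.
SERVER_KEY = b"constructed-demo-key"
ADMIN_ID = 1


def _parse_id(text):
    """Accept only plain ASCII digits as a user ID."""
    return int(text) if text.isascii() and text.isdigit() else None


def naive_original_user(cookie_value):
    """Simplified model of the flaw: the client-supplied ID is trusted as-is."""
    return _parse_id(cookie_value)


def _mac(user_id, session_token, key):
    msg = f"{user_id}|{session_token}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_cookie(original_user_id, session_token, key=SERVER_KEY):
    """Server side: emit '<id>|<mac>', MAC bound to the session it is set in."""
    return f"{original_user_id}|{_mac(original_user_id, session_token, key)}"


def verified_original_user(cookie_value, session_token, key=SERVER_KEY):
    """Return the ID only if the MAC is valid for this session, else None."""
    id_text, sep, mac = cookie_value.partition("|")
    user_id = _parse_id(id_text)
    if not sep or user_id is None or not mac.isascii():
        return None
    expected = _mac(user_id, session_token, key)
    # Constant-time comparison; compare_digest needs ASCII-only strings.
    return user_id if hmac.compare_digest(mac, expected) else None


def demo():
    legit = issue_cookie(ADMIN_ID, "sess-A")
    other_mac = issue_cookie(42, "sess-B").split("|")[1]
    return {
        "naive_forged": naive_original_user(str(ADMIN_ID)),
        "hardened_forged": verified_original_user(str(ADMIN_ID), "sess-B"),
        "hardened_legit": verified_original_user(legit, "sess-A"),
        "hardened_replayed": verified_original_user(legit, "sess-B"),
        "hardened_tampered": verified_original_user(f"{ADMIN_ID}|{other_mac}", "sess-B"),
    }
```

In this model the naive check returns the claimed ID for any value the client sends, while the hardened check rejects a bare ID, a valid cookie replayed in another session, and an ID swapped onto another cookie's MAC.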

Business impact

With a CVSS score of 8.8, this vulnerability represents a severe threat to the integrity and security of the WordPress instance. An attacker who successfully exploits it can gain full administrative access, potentially leading to total site takeover, data exfiltration, and modification of site content.

Remediation

Immediate Action: Update the Browse As plugin to the latest version or deactivate and remove the plugin if it is not strictly necessary for site functionality.

Proactive Monitoring: Monitor user session logs for unusual patterns of account switching or access from unexpected origins.

Compensating Controls: Implement strict session management and ensure that all WordPress plugins are kept up to date; use security hardening plugins to monitor for unauthorized account modifications.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Because this vulnerability allows for complete account takeover, it should be addressed with the highest priority. If a patch is not immediately available, the plugin should be disabled until it can be securely updated to prevent potential unauthorized access.