CVE-2025-5190: CWE-288 Authentication Bypass Using an Alternate Path or Channel in sorich87 Browse As
The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.
AI Analysis
Technical Summary
CVE-2025-5190 is an authentication bypass vulnerability in the Browse As WordPress plugin (version 0.2 and earlier). The issue is due to incorrect authentication validation in the 'IS_BA_Browse_As::notice' function that relies on the 'is_ba_original_user_COOKIEHASH' cookie. This allows authenticated users with low privileges (subscriber-level and above) to escalate their privileges by logging in as any other user on the site if they have the user ID, potentially gaining administrator access. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and has a CVSS 3.1 score of 8.8, indicating high impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available, and the plugin is not a cloud service.
Potential Impact
An attacker with subscriber-level or higher permissions can bypass authentication controls and impersonate any user on the affected WordPress site, including administrators. This can lead to full site compromise, unauthorized access to sensitive data, and potential site disruption. The vulnerability affects confidentiality, integrity, and availability of the affected system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, it is recommended to disable or uninstall the Browse As plugin if possible, or restrict access to trusted users only. Monitor for updates from the plugin vendor or WordPress security channels for an official patch.
CVE-2025-5190: CWE-288 Authentication Bypass Using an Alternate Path or Channel in sorich87 Browse As
Description
The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-5190 is an authentication bypass vulnerability in the Browse As WordPress plugin (version 0.2 and earlier). The issue is due to incorrect authentication validation in the 'IS_BA_Browse_As::notice' function that relies on the 'is_ba_original_user_COOKIEHASH' cookie. This allows authenticated users with low privileges (subscriber-level and above) to escalate their privileges by logging in as any other user on the site if they have the user ID, potentially gaining administrator access. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and has a CVSS 3.1 score of 8.8, indicating high impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available, and the plugin is not a cloud service.
Potential Impact
An attacker with subscriber-level or higher permissions can bypass authentication controls and impersonate any user on the affected WordPress site, including administrators. This can lead to full site compromise, unauthorized access to sensitive data, and potential site disruption. The vulnerability affects confidentiality, integrity, and availability of the affected system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, it is recommended to disable or uninstall the Browse As plugin if possible, or restrict access to trusted users only. Monitor for updates from the plugin vendor or WordPress security channels for an official patch.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-05-26T05:12:25.477Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6839a468182aa0cae2aec754
Added to database: 5/30/2025, 12:28:24 PM
Last enriched: 4/9/2026, 5:32:22 PM
Last updated: 5/8/2026, 9:59:33 PM
Views: 143
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.