CVE-2024-9890

HIGH

WordPress User Toolkit <1.2.3 - Auth Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-9890. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: This PoC demonstrates an authentication bypass vulnerability in the User Toolkit WordPress plugin (versions up to 1.2.3). It allows authenticated attackers with subscriber-level permissions to escalate privileges by manipulating the 'switch_user' function via a crafted URL.

Description

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. CVE-2024-50503 may be a duplicate.

Exploits (1)

nomisec · working PoC · by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-9890

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: User Toolkit WordPress plugin <= 1.2.3
Auth required: yes
Prerequisites: Authenticated access with subscriber-level permissions · Valid nonce value from the user's profile page
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0102
EPSS Percentile 58.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-288
Status published
Products (1)
deryck/User Toolkit < 1.2.3
Published Oct 26, 2024
Tracked Since Feb 18, 2026