Product

Account Switcher Plugin for WordPress <= 1.0.2

1 brief RSS

CVE-2026-6456 - WordPress Account Switcher Plugin Privilege Escalation

The Account Switcher plugin for WordPress is vulnerable to privilege escalation (CVE-2026-6456) due to a loose comparison and lack of validation on the `rememberLogin` REST API endpoint, allowing authenticated attackers to gain administrator privileges.

Account Switcher plugin for WordPress <= 1.0.2 privilege-escalation wordpress cve web-application

2r 1t 1c 18h ago