http://security.szurek.pl/wp-support-plus-responsive-ticket-system-713-privilege-escalation.html

10 Jan 2017 Homepage:

https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/

Description:

You can login as anyone without knowing password because of incorrect usage of wp_set_auth_cookie().

File: wp-support-plus-responsive-ticket-systemincludesadminloginGuestFacebook.php

$user_id, ‘first_name’=>$firstName, ‘last_name’=>$lastName, ‘display_name’

Powered by WPeMatico