Authentication bypass in JAY Login & Register plugin for WordPress versions ≤2.4.01 allows unauthenticated remote attackers to impersonate any site user, including administrators, by exploiting flawed cookie validation in the user-switching function. Attackers require only knowledge of target user IDs to gain complete account access without credentials. No public exploit identified at time of analysis.
WordPress
Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%