
Login as User or Customer (User Switching) < 3.3 is vulnerable to Unauthenticated Privilege Escalation to Admin

Unauthenticated
Published
2022-12-26

The Login as User or Customer plugin for WordPress is vulnerable to authorization bypass due to improper authorization checks on the loginas_return_admin() function in versions up to, and including, 3.2. This makes it possible for unauthenticated attackers to log in as administrators on the vulnerable site. A similar flaw in the my_action() function allows authenticated users with subscriber-level access or higher to log in as administrators.
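As an added illustration (not the plugin's own code, which this advisory does not reproduce), the following is a "return to admin" user-switching handler written with the checks that an unauthenticated privilege escalation of this kind implies were absent: a logged-in-only hook, a nonce, and a server-side record of the original administrator. The hook, function, meta key and capability names are assumed.

```php
<?php
// Hypothetical hardened "return to the original admin" handler.
// Not the plugin's code; names are illustrative.

// admin_post_{action} only fires for logged-in users. An unauthenticated
// request never reaches this callback (admin_post_nopriv_ is deliberately
// not registered), which is the first control missing in the advisory.
add_action( 'admin_post_example_return_admin', 'example_return_admin' );

function example_return_admin() {
    // Defence in depth: refuse anything that is not an authenticated session.
    if ( ! is_user_logged_in() ) {
        wp_die( 'Authentication required.', 'Forbidden', array( 'response' => 401 ) );
    }

    // CSRF protection: the nonce is bound to this action and the current user.
    check_admin_referer( 'example_return_admin' );

    // The admin's identity must come from state the plugin stored server-side
    // when the switch began, never from a user ID supplied in the request.
    $current_id  = get_current_user_id();
    $original_id = (int) get_user_meta( $current_id, '_example_original_admin_id', true );
    if ( $original_id <= 0 ) {
        wp_die( 'No user switch is in progress.', 'Forbidden', array( 'response' => 403 ) );
    }

    // Only allow returning to an account that is still an administrator.
    $original = get_userdata( $original_id );
    if ( ! $original || ! user_can( $original, 'manage_options' ) ) {
        wp_die( 'Original account is not an administrator.', 'Forbidden', array( 'response' => 403 ) );
    }

    // One-shot: clear the stored link so the switch cannot be replayed.
    delete_user_meta( $current_id, '_example_original_admin_id' );

    // Rotate the session cookie and resume the original administrator.
    wp_clear_auth_cookie();
    wp_set_current_user( $original_id );
    wp_set_auth_cookie( $original_id );
    wp_safe_redirect( admin_url() );
    exit;
}
```

The request that triggers the switch would carry the nonce generated with wp_nonce_field( 'example_return_admin' ), so a forged or unauthenticated request fails before any session is changed.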

CVSS

Score: 8.6

Severity: High

Version: < 3.3

A patch is available in v3.3, and we strongly recommend updating to this version as soon as possible.