Horizontal vs vertical authentication bypass
Found the answer:
https://cwe.mitre.org/data/definitions/639.html
Horizontal escalation of privilege is possible (one user can view/modify information of another user).
Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access.
I think you have mixed up authentication and authorization in user question. Here I explain what vertical and Horizontal authorization is.
Web application some times wont properly authorize the user to access private information or to perform a task which the login user is not intended to perform. This can be done by either directly calling an internal/admin page or tampering the parameter and tricking the application into thinking that the user is logged in as USER B(but the attacker logged in as USER A).
Answering to your question
Horizontal Authorization Bypass: Accessing or performing activities that are intended to user of same privilege. For Example: Consider Attacker as User A and he is able to access resources that are specific to user B(Note: User A and B has same amount of privilege). This can be done by tampering the parameters like UserID in the URL or in request
Vertical Authorization Bypass: Accessing or performing activities that has more privilege than the login user and not intended to the logged in user. For Example: Attacker with normal user privilege is able to access admin pages in a web application. This can be done by directly accessing the admin page after login as a normal user.