Authentication Bypass in User Email Verification Plugin for WooCommerce
CVE-2023-2781
8.1HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 3 June 2023
What is CVE-2023-2781?
The User Email Verification for WooCommerce plugin is susceptible to an authentication bypass vulnerability due to weaknesses in random token generation within its email verification process. Attackers can exploit this vulnerability to impersonate legitimate users, triggering email verification for any account—including administrative accounts. Although the automatic login feature after verification is typically disabled by default, its activation allows unauthorized users to gain access to user accounts, posing a serious security threat.
Affected Version(s)
User Email Verification for WooCommerce * <= 3.5.0