Email Verification Vulnerability Affects WooCommerce Social Login Plugin
CVE-2024-5868

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WooCommerce - Social Login
Vendor: CVE Published:; 15 June 2024

What is CVE-2024-5868?

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Affected Version(s)

WooCommerce - Social Login 0 <= 2.6.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/social-login-wordpress-woocom...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2024
Vulnerability Reserved
Jun 11, 2024

Credit

István Márton

CVE-2024-5868 Data

JSON