Unauthorized Modification of Data in WooCommerce Social Login Plugin
CVE-2024-6636

9.8 CRITICAL

Key Information:

Vendor

WordPress
CVE Published:
20 July 2024

What is CVE-2024-6636?

The WooCommerce - Social Login plugin for WordPress is affected by a vulnerability that allows unauthorized modification of data. The flaw is a missing capability check on the 'woo_slg_login_email' function and is present in all versions up to and including 2.7.3. Unauthenticated attackers can use it to change the default role assigned to newly registered users to Administrator, so that an account created through the registration process is granted full administrative privileges on the WordPress site. Site owners running this plugin should update to the latest version and regularly review their site's security practices.
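The description above names a missing capability check as the root cause. The following is an added illustration of that bug class and its fix, written for this page; it is not the plugin's code and does not reproduce the 'woo_slg_login_email' function. A hypothetical AJAX handler that updates the site's default registration role is shown first without any caller check, then hardened with a nonce check, a capability check and an allow-list of acceptable roles, followed by a defence-in-depth guard that refuses privileged values of `default_role` regardless of which code path tries to set them. The function names, the `example_set_default_role` action and the nonce action are assumptions; the WordPress APIs used (`add_action`, `add_filter`, `check_ajax_referer`, `current_user_can`, `update_option`, the `pre_update_option_{$option}` filter, `wp_send_json_*`) are real.

```php
<?php
/**
 * Missing capability check on a WordPress AJAX handler, and the corrected form.
 * Hypothetical example code written for this page; not from the plugin.
 */

// --- Vulnerable pattern (hypothetical) --------------------------------------
// Registered on wp_ajax_nopriv_ as well, so logged-out visitors can reach it,
// and nothing verifies who the caller is or whether the role is acceptable.
add_action( 'wp_ajax_example_set_default_role',        'example_set_default_role_vulnerable' );
add_action( 'wp_ajax_nopriv_example_set_default_role', 'example_set_default_role_vulnerable' );

function example_set_default_role_vulnerable() {
    $role = isset( $_POST['role'] ) ? sanitize_key( wp_unslash( $_POST['role'] ) ) : 'subscriber';
    update_option( 'default_role', $role ); // 'administrator' is stored as-is
    wp_send_json_success( array( 'default_role' => $role ) );
}

// --- Hardened form (hypothetical) -------------------------------------------
// No wp_ajax_nopriv_ registration: the endpoint is not exposed to visitors.
add_action( 'wp_ajax_example_set_default_role', 'example_set_default_role_hardened' );

function example_allowed_default_roles() {
    // Roles acceptable as the default for self-registered accounts.
    // 'customer' exists when WooCommerce is active; adjust for your site.
    return array( 'subscriber', 'customer' );
}

function example_set_default_role_hardened() {
    // 1. CSRF protection: the request must carry a nonce for this action
    //    (generated with wp_create_nonce( 'example_set_default_role' )).
    check_ajax_referer( 'example_set_default_role', 'nonce' );

    // 2. Capability check: only users who may manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: the role must be on the allow-list.
    $role = isset( $_POST['role'] ) ? sanitize_key( wp_unslash( $_POST['role'] ) ) : '';
    if ( ! in_array( $role, example_allowed_default_roles(), true ) ) {
        wp_send_json_error( array( 'message' => 'Role not permitted as a default.' ), 400 );
    }

    update_option( 'default_role', $role );
    wp_send_json_success( array( 'default_role' => $role ) );
}

// --- Defence in depth: guard the option itself ------------------------------
// Whatever code path tries to change default_role, refuse privileged values
// and log the attempt. Returning the old value makes update_option() a no-op,
// which also avoids the recursion a revert inside update_option_* would cause.
add_filter( 'pre_update_option_default_role', 'example_guard_default_role', 10, 2 );

function example_guard_default_role( $new_value, $old_value ) {
    if ( ! in_array( $new_value, example_allowed_default_roles(), true ) ) {
        error_log( sprintf(
            'Blocked attempt to set default_role to "%s" (user id %d, remote %s)',
            $new_value,
            get_current_user_id(),
            isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
        ) );
        return $old_value;
    }
    return $new_value;
}
```

The guard can be dropped into a must-use plugin so it stays active even if a plugin with this bug class is installed later; the log line it emits is a useful detection signal on its own, since a legitimate administrator rarely needs `default_role` set to anything outside the allow-list.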


Affected Version(s)

WooCommerce - Social Login, all versions <= 2.7.3

References

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vu Nguyen