← volver
CVE-2024-5868

WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness

CVSS 6.5 MEDIUMEPSS 0.3%CWE-330
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 jun 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
WPWeb · WooCommerce - Social Login

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve