CVE-2024-12432

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the generate_key function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in.

Weakness

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Potential Mitigations

• Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
• In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
• Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a “random enough” number.

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/112.html
• https://cwe.mitre.org/data/definitions/485.html
• https://cwe.mitre.org/data/definitions/59.html

References

• https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3208130%40wpc-shop-as-customer\u0026new=3208130%40wpc-shop-as-customer\u0026sfp_email=\u0026sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/048625e8-10b7-418d-a13b-329f1d7e0171?source=cve