CVE Vulnerabilities

CVE-2024-5868

Published: Jun 15, 2024 | Modified: Feb 07, 2025
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Affected Software

Name Vendor Start Version End Version
Woocommerce_social_login Wpwebelite * 2.6.3 (excluding)

References