CVE-2024-7503
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 12, 2024
CWE ID 288
Summary
CVE-2024-7503 is a vulnerability affecting the WooCommerce - Social Login plugin for WordPress in versions up to 2.7.5. This issue stems from a flawed authentication process in the 'woo_slg_confirm_email_user' function. The function employs a loose comparison method for the activation code, rendering it susceptible to bypass attacks. As a result, unauthenticated assailants can infiltrate the system and log in as any existing user, including administrators, if they have access to the userID. This threat only poses a risk when the email module is enabled.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- WooCommerce
Affected Vendors
- Woocommerce