CVE-2024-5868

medium

Description

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve

https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883

Details

Source: Mitre, NVD

Published: 2024-06-15

Updated: 2025-02-07

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00191