6.5

CVE-2024-5868

EPSS 0.13%
Veröffentlicht 15.06.2024 04:15:13
Zuletzt bearbeitet 08.04.2026 18:22:13
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Mögliche Gegenmaßnahme

WooCommerce - Social Login: Update to version 2.6.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WooCommerce - Social Login

Version *-2.6.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpwebelite ≫ Woocommerce Social Login SwPlatformwordpress Version < 2.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.33

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security@wordfence.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5868

EUVD