6.5
CVE-2024-5868
- EPSS 0.31%
- Veröffentlicht 15.06.2024 04:15:13
- Zuletzt bearbeitet 08.04.2026 18:22:13
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness
WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
Mögliche Gegenmaßnahme
WooCommerce - Social Login: Update to version 2.6.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpwebelite ≫ Woocommerce Social Login SwPlatformwordpress Version < 2.6.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WooCommerce - Social Login
Version
*-2.6.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.228 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152