9.8
CVE-2024-6636
- EPSS 0.52%
- Veröffentlicht 20.07.2024 08:15:16
- Zuletzt bearbeitet 11.02.2025 15:41:28
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation
WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account.
Mögliche Gegenmaßnahme
WooCommerce - Social Login: Update to version 2.7.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpwebelite ≫ Woocommerce Social Login SwPlatformwordpress Version < 2.7.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WooCommerce - Social Login
Version
*-2.7.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.398 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
https://www.wordfence.com/threat-intel/vulnerabilities/id/77ea4ba8-6c13-494a-92e3-12643003635b?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/77ea4ba8-6c13-494a-92e3-12643003635b