CVE-2024-7503

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 12, 2024

CWE ID 288

Summary

CVE-2024-7503 is a vulnerability affecting the WooCommerce - Social Login plugin for WordPress in versions up to 2.7.5. This issue stems from a flawed authentication process in the 'woo_slg_confirm_email_user' function. The function employs a loose comparison method for the activation code, rendering it susceptible to bypass attacks. As a result, unauthenticated assailants can infiltrate the system and log in as any existing user, including administrators, if they have access to the userID. This threat only poses a risk when the email module is enabled.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WooCommerce

Affected Vendors

Woocommerce

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xiCvpd
https://www.cve.org/CVERecord?id=CVE-2024-7503
https://nvd.nist.gov/vuln/detail/CVE-2024-7503

Back to Vulnerability Database