CVE-2024-5868

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve	Third Party Advisory
https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpwebelite:woocommerce_social_login:*:*:*:*:*:wordpress:*:*

History

07 Feb 2025, 19:49

Type	Values Removed	Values Added
First Time		Wpwebelite Wpwebelite woocommerce Social Login
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:wpwebelite:woocommerce_social_login::::::wordpress::*
References	~~() https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 -~~	() https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 - Product
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve - Third Party Advisory

Information

Published : 2024-06-15 04:15

Updated : 2025-02-07 19:49

NVD link : CVE-2024-5868

Mitre link : CVE-2024-5868

CVE.ORG link : CVE-2024-5868

JSON object : View

Products Affected

wpwebelite

woocommerce_social_login

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-5868", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-06-15T04:15:13.373", "references": [{"url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification."}, {"lang": "es", "value": "El complemento WooCommerce - Social Login para WordPress es vulnerable a la verificaci\u00f3n de correo electr\u00f3nico en todas las versiones hasta la 2.6.2 incluida mediante el uso de un c\u00f3digo de activaci\u00f3n insuficientemente aleatorio. Esto hace posible que atacantes no autenticados omitan la verificaci\u00f3n por correo electr\u00f3nico."}], "lastModified": "2025-02-07T19:49:25.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpwebelite:woocommerce_social_login:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5B82F998-6979-4FBF-8F53-FD8E57715097", "versionEndExcluding": "2.6.3"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}