CVE-2024-6637

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-20 08:15

Updated : 2024-07-22 13:00

NVD link : CVE-2024-6637

Mitre link : CVE-2024-6637

CVE.ORG link : CVE-2024-6637

JSON object : View

Products Affected

No product.

CWE

CWE-305

Authentication Bypass by Primary Weakness

7.3 /10