User Email Verification for WooCommerce <= 3.5.0 – Authentication bypass via weak token generation | CVE 2023-2781 | Plugin Vulnerabilities

Description

The plugin uses a weak random token when resending email address verifications, allowing an unauthenticated attacker to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts. Furthermore, if the Allow Automatic Login After Successful Verification setting is enabled, the attacker will be directly logged in as the impersonated user account.

Affects Plugins

woo-confirmation-email

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-confirmation-email/user-email-verification-for-woocommerce-350-authentication-bypass

Classification

Type

INSUFFICIENT CRYPTOGRAPHY

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

9823257a-dd60-46db-979b-849a89a135c4

Timeline

Publicly Published

2023-06-02 (about 11 months ago)

Added

2023-06-03 (about 11 months ago)

Last Updated

2023-06-03 (about 11 months ago)

Other

Published

Title

Published

2023-06-06

Title

Abandoned Cart Lite for WooCommerce < 5.15.0 - Authentication Bypass

Published

2021-10-13

Title

Simple JWT Login < 3.3.0 - Insecure Password Creation

Published

2022-09-21

Title

Passster < 3.5.5.5.2 - Insecure Storage of Password

Published

2023-07-14

Title

All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password

Published

2023-11-21

Title

UserPro < 5.1.2 - Insecure Password Reset Mechanism