CVE-2021-34646

Booster for WooCommerce <= 5.4.3 - Authentication Bypass

criticalAuthentication Bypass Using an Alternate Path or Channel

9.8

CVSS Score

9.8

CVSS Score

critical

Severity

5.4.4

Patched in

881d

Time to patch

Description

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

High

Confidentiality

High

Integrity

High

Availability

Technical Details

Affected versions<=5.4.3

PublishedAugust 24, 2021

Last updatedJanuary 22, 2024

Affected pluginwoocommerce-jetpack

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/af37f301-d97f-47d3-b6a8-88cb41344541?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database