CVE-2024-6637
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/07/2024
Last modified:
11/02/2025
Description
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user.
Impact
Base Score 3.x
7.30
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:wpwebelite:woocommerce_social_login:*:*:*:*:*:wordpress:*:* | 2.7.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
- https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve
- https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
- https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve