Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2021-34646

Published: 30/08/2021 Updated: 12/08/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Booster For Woocommerce

Vulnerability Summary

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows malicious users to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

booster booster for woocommerce

Exploits

Exploit DB: WordPress WooCommerce Booster 5.4.3 Authentication Bypass
WordPress WooCommerce Booster plugin version 543 suffers from an authentication bypass vulnerability ...

Github Repositories

https://github.com/motikan2010/CVE-2021-34646

CVE-2021-34646 PoC

CVE-2021-34646 PoC this vulnerability detail by NVD Versions up to, and including, 543, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verificationphp file This

https://github.com/0xB455/CVE-2021-34646

PoC for CVE-2021-34646

CVE-2021-34646 PoC for CVE-2021-34646 Exploit Title: WordPress Plugin WooCommerce Booster Plugin 543 - Authentication Bypass Date: 2021-09-16 Exploit Author: Sebastian Kriesten (0xB455) Contact: twittercom/0xB455 Affected Plugin: Booster for WooCommerce Plugin Slug: woocommerce-jetpack Vulnerability disclosure: wwwwordfencecom/blog/2021/08/criti

References

CWE-330https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce/https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2581212%40woocommerce-jetpack&new=2581212%40woocommerce-jetpack&sfp_email=&sfph_mail=https://nvd.nist.govhttps://github.com/motikan2010/CVE-2021-34646https://packetstormsecurity.com/files/164187/WordPress-WooCommerce-Booster-5.4.3-Authentication-Bypass.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook