← Back to CVE List

CVE-2024-13528

Published: 2025-02-12T10:15Z
Last Modified: 2025-02-18T18:53Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticated attackers, with Contributor-level access and above, to generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings in order to exploit the vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt