Overview
- Description
- The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
- Source
- security@wordfence.com
- NVD status
- Undergoing Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- security@wordfence.com
- CWE-287
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10114 (Published: 2024-11-05) - A critical vulnerability in WooCommerce affects multiple versions. Ensure your site is secure by updating to the latest version. For detailed changelogs and remediation steps, check out: https://t.co/Jcl4DlCDQQ #WooCommerce #Security
@transilienceai
7 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10114 (Published: 2024-11-05) - Critical vulnerability in WooCommerce. Affects multiple versions. 🛡️ Ensure your site is secure by updating to the latest version. Check the changelog for details: https://t.co/Jcl4DlCDQQ #WooCommerce #CyberSecurity
@transilienceai
7 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10114 The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient ve… https://t.co/UtiRUW3He3
@CVEnew
5 Nov 2024
179 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:wpwebelite:woocommerce_-_social_login:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "326AB3F1-0D7E-4BA9-9253-319F09967B2F", "versionEndExcluding": "2.7.8" } ], "operator": "OR" } ] } ]