CVE Published: 20/07/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: Wordfence |
Vendor: WPWeb |
Product: WooCommerce - Social Login Status : PUBLISHED
CVE-2024-6637 Description
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user.
Metrics
CVSS Version: 3.1 |
Base Score: 7.3 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L