Vulnerabilities and security researches foremails-verification-for-woocommerce emails-verification-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2024-4185
Home page URL: Security reports for Customer Email Verification for WooCommerce
Application: Customer Email Verification for WooCommerce
Date: Apr 30, 2024
Research Description: The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification, and if both the "Login the user automatically after the account is verified" and "Verify account for current users" options are checked, then it potentially makes it possible for attackers to bypass authentication for other users.
Affected versions: max 2.7.5.
Status: vulnerable

CVE, Research URL: 3270e3682a062f62966525a55947dd9c4891f458
Home page URL: Security reports for Customer Email Verification for WooCommerce
Application: Customer Email Verification for WooCommerce
Date: Jul 14, 2020
Research Description: Customer Email Verification for WooCommerce [emails-verification-for-woocommerce] < 1.8.2 WordPress Email Verification for WooCommerce plugin <= 1.8.1 - Bypass vulnerability Bypass vulnerability discovered by WordPress Email Verification for WooCommerce plugin (versions <= 1.8.1).
Affected versions: max 1.8.2.
Status: vulnerable

Oct 19, 2024

CVE, Research URL: CVE-2024-49305
Home page URL: Security reports for Customer Email Verification for WooCommerce
Application: Customer Email Verification for WooCommerce
Date: Oct 17, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10.
Affected versions: max 2.9.0.
Status: vulnerable

Feb 13, 2025

CVE, Research URL: CVE-2024-13528
Home page URL: Security reports for Customer Email Verification for WooCommerce
Application: Customer Email Verification for WooCommerce
Date: Feb 12, 2025
Research Description: The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticated attackers, with Contributor-level access and above, to generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings in order to exploit the vulnerability.
Affected versions: max 2.9.6.
Status: vulnerable

Feb 18, 2025

CVE, Research URL: CVE-2024-13525
Home page URL: Security reports for Customer Email Verification for WooCommerce
Application: Customer Email Verification for WooCommerce
Date: Feb 15, 2025
Research Description: The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user.
Affected versions: max 2.9.5.
Status: vulnerable