cleantalk
Vulnerabilities and Security Researches

Customer Email Verification for WooCommerce, CVE-2024-13528

CVE, Research URL

CVE-2024-13528

Home page URL

Security reports for Customer Email Verification for WooCommerce

Application

Customer Email Verification for WooCommerce

Published on
Feb 12, 2025
Research Description
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticated attackers, with Contributor-level access and above, to generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings in order to exploit the vulnerability.
Affected versions
max 2.9.6.
Status
vulnerable
Previous vulnerability researches
Customer Email Verification for WooCommerce (CVE-2024-4185) , Jun 07, 2024
Customer Email Verification for WooCommerce (3270e3682a062f62966525a55947dd9c4891f458) , Jun 07, 2024
Customer Email Verification for WooCommerce (CVE-2024-13528) , Feb 13, 2025
Customer Email Verification for WooCommerce (CVE-2024-13525) , Feb 18, 2025
Customer Email Verification for WooCommerce (CVE-2024-49305) , Oct 19, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026