The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account.
History

Tue, 11 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Wpwebelite
Wpwebelite woocommerce Social Login
CPEs cpe:2.3:a:wpwebelite:woocommerce_social_login:*:*:*:*:*:wordpress:*:*
Vendors & Products Wpwebelite
Wpwebelite woocommerce Social Login

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-08-01T21:41:04.281Z

Reserved: 2024-07-09T21:41:08.937Z

Link: CVE-2024-6636

cve-icon Vulnrichment

Updated: 2024-08-01T21:41:04.281Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-20T08:15:16.510

Modified: 2025-02-11T15:41:28.280

Link: CVE-2024-6636

cve-icon Redhat

No data.