ID:7058 - Exploit for Improper Authentication in Booster for WooCommerce - CVE-2021-34646

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:7058 - Exploit for Improper Authentication in Booster for WooCommerce - CVE-2021-34646

ID:7058 - Exploit for Improper Authentication in Booster for WooCommerce - CVE-2021-34646

Published: November 25, 2021


Vulnerability identifier: #VU56299
Vulnerability risk: High
CVE-ID: CVE-2021-34646
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
Booster for WooCommerce

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists in the "process_email_verification" function due to a random token generation weakness in the "reset_and_mail_activation_link" function found in the ~/includes/class-wcj-emails-verification.php file. A remote attacker can bypass authentication process and gain unauthorized access to the application.


Remediation

Install updates from vendor's website.