WordPress Plugin Vulnerabilities

Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass

Description

The plugin is affected by a loose comparison issue, which could allow any user to log in as administrator.

Proof of Concept

Affects Plugins

Plugin icon
emails-verification-for-woocommerce
Fixed in 1.8.2
Plugin icon
email-verification-for-woocommerce-pro
Fixed in 1.8.2

References

URL
https://plugins.trac.wordpress.org/changeset/2312715

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Michał Lipiński
Submitter
Michał Lipiński
Submitter website
https://beastiecode.com
Verified
No
WPVDB ID
0c93832c-83db-4053-8a11-70de966bb3a8

Timeline

Publicly Published
2020-07-14 (about 5 years ago)
Added
2020-07-14 (about 5 years ago)
Last Updated
2020-07-14 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Spam Free Plugin 1.9.2 - IP Blocklist Restriction Bypass
Published
2025-06-05
Title
PayU CommercePro Plugin < 3.8.8 - Authentication Bypass
Published
2024-11-05
Title
Heateor Social Login WordPress < 1.1.36 - Authentication Bypass
Published
2022-09-05
Title
OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass
Published
2022-04-21
Title
WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR