WordPress Plugin Vulnerabilities

Booster for WooCommerce < 5.4.4 - Authentication Bypass

Description

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which is by default.

Proof of Concept

Affects Plugins

Plugin icon
woocommerce-jetpack
Fixed in 5.4.4

References

CVE
CVE-2021-34646
URL
https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
b5795f8a-78b8-481e-8522-7bd4689c917c

Timeline

Publicly Published
2021-08-24 (about 4 years ago)
Added
2021-08-24 (about 4 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2025-02-11
Title
Customer Email Verification for WooCommerce < 2.9.6 - Authentication Bypass via Shortcode
Published
2018-03-13
Title
UserPro <= 4.9.20 - User Registration With Administrator Role
Published
2025-10-15
Title
Ace User Management <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest
Published
2015-04-15
Title
Profile Builder < 2.1.4 - Missing Access Controls
Published
2026-03-09
Title
Tutor LMS Pro < 3.9.6 - Authentication Bypass via Social Login