WordPress Plugin Vulnerabilities

Woo Confirmation Email < 3.2.0 - Missing Access Controls to View Uploaded files

Description

The User Email Verification for WooCommerce WordPress plugin was affected by a Missing Access Controls to View Uploaded files security vulnerability.

Affects Plugins

Plugin icon
woo-confirmation-email
Fixed in 3.2.0

References

CVE
CVE-2018-21007

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
b77acc32-5cfa-4869-8af5-8c128fe01497

Timeline

Publicly Published
2018-11-27 (about 7 years ago)
Added
2019-08-29 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-05
Title
Heateor Social Login WordPress < 1.1.36 - Authentication Bypass
Published
2014-08-01
Title
Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass
Published
2023-11-21
Title
UserPro < 5.1.2 - Authentication Bypass to Administrator
Published
2021-02-02
Title
MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
Published
2014-08-01
Title
LayerSlider 4.6.1 - Remote Path Traversal File Access