CVE-2024-13528

Name of the Vulnerable Software and Affected Versions Customer Email Verification for WooCommerce plugin for WordPress versions up to and including 2.9.5

Description The issue is related to authentication bypass in the plugin. This is due to the presence of a shortcode that generates a confirmation link with a placeholder email. Authenticated attackers with Contributor-level access and above can generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings to exploit this issue.

Recommendations For versions up to and including 2.9.5, update to a version higher than 2.9.5 to resolve the issue. As a temporary workaround, consider disabling the 'Fine tune placement' option in the plugin settings until a patch is available.