PT-2024-29596 · WordPress · Customer Email Verification For Woocommerce

István Márton · Published 2024-04-30 · Updated 2024-05-01

CVE-2024-4185

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Customer Email Verification for WooCommerce plugin for WordPress, all versions up to and including 2.7.4

Description: The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to email verification bypass and authentication bypass in all versions up to, and including, 2.7.4. The activation code used to confirm an email address is generated from an insufficiently random source, so an unauthenticated attacker can guess a valid code and verify an account without access to its mailbox. If the options "Login the user automatically after the account is verified" and "Verify account for current users" are both enabled, a guessed code for an existing user also logs the requester in as that user, which turns the verification bypass into an authentication bypass for other users.

Recommendations: For versions up to 2.7.4, update the Customer Email Verification for WooCommerce plugin to a version higher than 2.7.4 to remove the email verification and authentication bypass. As a temporary workaround, uncheck the options "Login the user automatically after the account is verified" and "Verify account for current users". Note that this workaround only closes the authentication bypass path; the activation code remains guessable, so email verification can still be bypassed until the plugin is updated.
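The script below is an added illustration of the weakness class this advisory describes (CWE-330); it is not code from the plugin or from the advisory. The page does not say how the plugin derived its activation code, so the weak generator (a six-digit code from PHP's mt_rand()) is a hypothetical stand-in for the predictable-code pattern, shown beside a hardened issue/verify pair: a 256-bit token from random_bytes(), stored only as a hash, expiring, single-use, and compared with hash_equals(). The in-memory $store array is an assumed stand-in for WordPress user meta so the file runs under plain `php` without WordPress.

```php
<?php
// Added illustration for a CWE-330 activation code: a predictable code beside a
// hardened replacement. NOT the plugin's code; $store stands in for user meta.
declare(strict_types=1);

// --- Weak pattern (hypothetical) ----------------------------------------------
function weak_activation_code(): string {
    // Six decimal digits: at most 10^6 values, and mt_rand() is not a CSPRNG
    // (its internal state can be recovered from observed outputs).
    return (string) mt_rand(100000, 999999);
}

// An attacker who can submit verification requests simply walks the keyspace.
// Returns the number of attempts needed, or null if the budget ran out.
function brute_force_weak(string $target, int $budget = 1000000): ?int {
    for ($guess = 100000, $n = 0; $guess <= 999999 && $n < $budget; $guess++, $n++) {
        if ((string) $guess === $target) {
            return $n + 1;
        }
    }
    return null;
}

// --- Hardened pattern ----------------------------------------------------------
const TOKEN_BYTES = 32;        // 256 bits from the OS CSPRNG
const TOKEN_TTL   = 24 * 3600; // a code is valid for one day

/** Issue a token: return the secret to e-mail, persist only its hash. */
function issue_activation(array &$store, int $user_id): string {
    $token = bin2hex(random_bytes(TOKEN_BYTES));
    $store[$user_id] = [
        'hash'    => hash('sha256', $token), // never store the raw secret
        'expires' => time() + TOKEN_TTL,
    ];
    return $token;
}

/**
 * Verify once: expiry check, constant-time compare, single use.
 * If the caller logs the user in on success (the plugin option named in the
 * advisory), this function is the entire authentication boundary.
 */
function verify_activation(array &$store, int $user_id, string $presented): bool {
    if (!isset($store[$user_id])) {
        return false;
    }
    $rec = $store[$user_id];
    if (time() > $rec['expires']) {
        unset($store[$user_id]); // stale token is discarded, not retried
        return false;
    }
    $ok = hash_equals($rec['hash'], hash('sha256', $presented));
    if ($ok) {
        unset($store[$user_id]); // single use: a replayed link must not work
    }
    return $ok;
}

// Average number of guesses to hit a uniformly chosen code in a given keyspace.
function expected_guesses(float $keyspace): float {
    return $keyspace / 2;
}

// --- Demo ------------------------------------------------------------------------
$weak = weak_activation_code();
printf("weak code %s found after %d guesses\n", $weak, brute_force_weak($weak));

$store = [];
$token = issue_activation($store, 42);
printf("strong token: %d hex chars, %d bits\n", strlen($token), TOKEN_BYTES * 8);
var_dump(verify_activation($store, 42, 'not-the-token'));
var_dump(verify_activation($store, 42, $token));
var_dump(verify_activation($store, 42, $token));
printf("expected guesses: weak %.0f vs strong %.2e\n",
    expected_guesses(1e6), expected_guesses(2 ** (TOKEN_BYTES * 8)));
```

Run with `php` on a PHP 7+ interpreter. The weak code is always recovered within 900,000 attempts; of the three verify calls, only the second succeeds, the first because the value is wrong and the third because the token was consumed on first use. The point for the advisory's workaround is visible in verify_activation(): once automatic login after verification is enabled, nothing but the unpredictability of the token separates "verify an email" from "log in as this user".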

Fix: update to a version higher than 2.7.4

Weakness Enumeration: Use of Insufficiently Random Values (CWE-330)

Related Identifiers: CVE-2024-4185

Affected Products: Customer Email Verification For Woocommerce