CVE-2024-5871

Name of the Vulnerable Software and Affected Versions: WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.6.2

Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input from the woo slg verify parameter. This could potentially enable the deletion of arbitrary files, retrieval of sensitive data, or execution of code if a POP chain is present, possibly introduced by an additional plugin or theme on the target system.

Recommendations: For versions up to, and including, 2.6.2, update to a version later than 2.6.2 to resolve the issue. As a temporary workaround, consider restricting access to the woo slg verify parameter to minimize the risk of exploitation.