CVE-2024-6636

Name of the Vulnerable Software and Affected Versions WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.3

Description The issue allows unauthorized modification of data due to a missing capability check on the woo slg login email function. This enables unauthenticated attackers to change the default role to Administrator while registering for an account.

Recommendations For versions up to, and including, 2.7.3, update to a version higher than 2.7.3 to resolve the issue. As a temporary workaround, consider disabling the woo slg login email function until a patch is available. Restrict access to user registration to minimize the risk of exploitation.