CVE-2021-34646 : Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress p

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.

Published 2021-08-30 19:15:09

Updated 2022-08-12 17:52:08

Source Wordfence

View at NVD, CVE.org

Products affected by CVE-2021-34646

Booster » Booster For Woocommerce » For Wordpress
Versions up to, including, (<=) 5.4.3
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-34646

EPSS FAQ

27.95%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-34646

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	Wordfence
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-34646

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Assigned by: security@wordfence.com (Secondary)
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-34646

https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce/

Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce
Exploit;Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2581212%40woocommerce-jetpack&new=2581212%40woocommerce-jetpack&sfp_email=&sfph_mail=

Changeset 2581212 for woocommerce-jetpack – WordPress Plugin Repository
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-34646

Products affected by CVE-2021-34646

Exploit prediction scoring system (EPSS) score for CVE-2021-34646

CVSS scores for CVE-2021-34646

CWE ids for CVE-2021-34646

References for CVE-2021-34646