Medium severity6.5NVD Advisory· Published Jun 15, 2024· Updated Apr 8, 2026

CVE-2024-5868

Description

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Affected products

Wpwebelite/Woocommerce Social Login
cpe:2.3:a:wpwebelite:woocommerce_social_login:*:*:*:*:*:wordpress:*:*
Range: <2.6.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152nvdThird Party Advisory
codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883nvdProduct

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000