VYPR

Woo Confirmation Email

by WordPress

CVEs (2)

  • CVE-2023-2781HigJun 3, 2023
    risk 0.53cvss 8.1epss 0.01

    The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This…

  • CVE-2018-21007Aug 29, 2019
    risk 0.00cvss epss 0.02

    The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.