CVE-2021-34646

Booster for WooCommerce <= 5.4.3 Authentication Bypass

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.

Las versiones hasta 5.4.3, incluyéndola, del plugin Booster for WooCommerce para WordPress, son vulnerables a una omisión de la autenticación por medio de la función process_email_verification debido a una debilidad en la generación de tokens aleatorios en la función reset_and_mail_activation_link que se encuentra en el archivo ~/includes/class-wcj-emails-verification.php. Esto permite a atacantes suplantar a usuarios y desencadenar una comprobación de la dirección de correo electrónico para cuentas arbitrario, incluyendo cuentas administrativas, y automáticamente iniciar sesión como ese usuario, incluyendo cualquier administrador del sitio. Esto requiere que el módulo de Comprobación de Correo Electrónico esté activo en el plugin y que la configuración de Inicio de Sesión del Usuario Después de la comprobación Exitosa esté habilitada, lo cual es por defecto.

*Credits: Chloe Chamberland, Wordfence

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-06-10 CVE Reserved
2021-08-24 CVE Published
2021-09-04 First Exploit
2024-07-16 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-288: Authentication Bypass Using an Alternate Path or Channel
CWE-290: Authentication Bypass by Spoofing
CWE-330: Use of Insufficiently Random Values

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC
https://www.exploit-db.com/exploits/50299	2021-09-17
https://github.com/motikan2010/CVE-2021-34646	2021-09-04
https://github.com/0xB455/CVE-2021-34646	2024-05-15
https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce	2024-09-16

URL	Date	SRC
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2581212%40woocommerce-jetpack&new=2581212%40woocommerce-jetpack&sfp_email=&sfph_mail=	2022-08-12

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Booster Search vendor "Booster"		Booster For Woocommerce Search vendor "Booster" for product "Booster For Woocommerce"				<= 5.4.3 Search vendor "Booster" for product "Booster For Woocommerce" and version " <= 5.4.3"		wordpress		Affected