Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce

Booster for WooCommerce is an addon plugin for WooCommerce designed to enhance its functionality through the use of various modules that site owners can enable and disable at any point. One module that the plugin offers is an Email Verification module, which adds a requirement for users to verify their email after they have registered on the site.

Unfortunately, the WordFence team found that this feature was insecurely implemented, which made it possible for an attacker to impersonate any user and send a verification request that could allow the attacker to easily recreate the token needed to “verify” the targeted user’s email, and be automatically logged in as that user.

More details at: https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce

Posted in Vulnerability.