2 matches found
CVE-2024-13528
CVE-2024-13528 : The Customer Email Verification for WooCommerce plugin (WordPress) is vulnerable to an authentication bypass. An attacker with Contributor+ privileges can generate a verification link for any unverified user via a shortcode that creates a confirmation link with a placeholder emai...
CVE-2024-13525
CVE-2024-13525 affects Customer Email Verification for WooCommerce (WordPress) up to version 2.9.4. An authenticated attacker with Contributor+ can exfiltrate emails and hashed passwords via Shortcode. Remediation: update to a version higher than 2.9.4 (patch available).