CVE-2021-34646
📋 TL;DR
This vulnerability allows attackers to bypass authentication in the Booster for WooCommerce WordPress plugin by exploiting weak token generation in the email verification process. Attackers can impersonate any user, including administrators, and gain unauthorized access to accounts. All WordPress sites using vulnerable versions of this plugin with the Email Verification module enabled are affected.
💻 Affected Systems
- Booster for WooCommerce WordPress plugin
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to WordPress sites, enabling complete site takeover, data theft, malware installation, and further compromise of the hosting environment.
Likely Case
Attackers gain unauthorized access to user accounts, potentially accessing sensitive customer data, modifying orders, or performing privilege escalation to administrative access.
If Mitigated
If the Email Verification module is disabled or the 'Login User After Successful Verification' setting is turned off, the vulnerability cannot be exploited for authentication bypass.
🎯 Exploit Status
Exploitation requires no authentication and has been publicly documented with proof-of-concept details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.4.4 and later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Booster for WooCommerce' and click 'Update Now'.
4. Verify the version is 5.4.4 or higher.
🔧 Temporary Workarounds
Disable Email Verification Module
Temporarily disable the vulnerable module until patching is possible
Navigate to WooCommerce → Settings → Booster → Emails & Misc → Email Verification → Enable/Disable Module → Disable
Disable Auto-Login After Verification
Turn off the setting that allows automatic login after email verification
Navigate to WooCommerce → Settings → Booster → Emails & Misc → Email Verification → Login User After Successful Verification → No
🧯 If You Can't Patch
- Disable the Booster for WooCommerce plugin entirely until patching is possible
- Implement web application firewall rules to block requests to the vulnerable process_email_verification function
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Booster for WooCommerce → Version. If version is 5.4.3 or lower, you are vulnerable.
Check Version:
wp plugin get woocommerce-jetpack --field=version
(woocommerce-jetpack is the plugin's slug, as seen in the changeset URLs in the References; WP-CLI addresses plugins by slug, not by display name.)
Verify Fix Applied:
After updating, verify version shows 5.4.4 or higher in WordPress admin panel → Plugins → Installed Plugins.
📡 Detection & Monitoring
Log Indicators:
- Unusual email verification requests for administrative accounts
- Multiple failed login attempts followed by successful verification-based logins
- User account logins from unexpected IP addresses or locations
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=process_email_verification
- Requests containing verification tokens without preceding account registration
SIEM Query:
source="wordpress.log" AND ("process_email_verification" OR "verification_token") AND status=200
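The network indicators above, applied to constructed web-server access-log lines as an added Python example (this is not code from the advisory or the plugin); the combined log format, the token parameter name and the burst threshold are assumptions:

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined log format); not from any real site.
# Access logs do not record POST bodies, so the example assumes the action and
# token travel in the query string.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2021:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=process_email_verification&verification_token=tokA HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.5 - - [10/Aug/2021:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=process_email_verification&verification_token=tokB HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.5 - - [10/Aug/2021:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=process_email_verification&verification_token=tokC HTTP/1.1" 200 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Aug/2021:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=process_email_verification&verification_token=tokD HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2021:10:06:00 +0000] "GET /shop/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Aug/2021:10:07:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Split one combined-format line into ip, timestamp, method, path, query and status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlparse(rec["target"])
    rec["path"] = url.path
    rec["query"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec

def is_verification_request(rec):
    """Match the advisory's network indicator: admin-ajax.php with the vulnerable action."""
    return (rec["path"].endswith("/wp-admin/admin-ajax.php")
            and rec["query"].get("action") == "process_email_verification")

def find_suspicious(log_text, burst_threshold=3):
    """Return every verification request seen, plus IPs that sent >= burst_threshold of them.
    A burst of verification attempts from one source is the pattern worth alerting on."""
    hits, per_ip = [], defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_verification_request(rec):
            hits.append((rec["ip"], rec["ts"], rec["status"], rec["query"].get("verification_token")))
            per_ip[rec["ip"]] += 1
    bursts = {ip: n for ip, n in per_ip.items() if n >= burst_threshold}
    return hits, bursts

if __name__ == "__main__":
    found, bursting = find_suspicious(SAMPLE_LOG)
    print(f"{len(found)} verification requests; bursting sources: {bursting}")
```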
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2581212%40woocommerce-jetpack&new=2581212%40woocommerce-jetpack&sfp_email=&sfph_mail=
- https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce/