CVE-2024-6635
📋 TL;DR
The WooCommerce Social Login plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any non-administrator user if they know the user's email address. This affects all WordPress sites using the plugin version 2.7.3 or earlier. Attackers can gain unauthorized access to user accounts and potentially perform actions as those users.
💻 Affected Systems
- WooCommerce - Social Login WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to all non-admin user accounts, potentially compromising sensitive user data, performing unauthorized transactions, or escalating privileges through other vulnerabilities.
Likely Case
Attackers compromise specific targeted user accounts to steal personal information, perform fraudulent purchases, or access restricted content.
If Mitigated
Bypass attempts fail because the plugin has been patched or deactivated, and any residual attempts are visible through logging and monitoring.
🎯 Exploit Status
Exploitation requires only knowledge of a user's email address and access to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.4 or later
Vendor Advisory: https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'WooCommerce Social Login' and update to version 2.7.4 or later.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable the vulnerable plugin
Temporarily deactivate the WooCommerce Social Login plugin until it can be updated.
wp plugin deactivate woo-social-login
Restrict access to login endpoints
Use web application firewall rules to restrict access to the vulnerable authentication endpoints.
🧯 If You Can't Patch
- Disable the WooCommerce Social Login plugin immediately.
- Implement additional authentication controls such as multi-factor authentication for all user accounts.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in the WordPress admin panel under Plugins > Installed Plugins. If the version is 2.7.3 or earlier, the site is vulnerable.
Check Version:
wp plugin get woo-social-login --field=version
Verify Fix Applied:
Verify the plugin version is 2.7.4 or later in the WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts using email addresses without proper credentials
- Multiple failed login attempts followed by successful logins from unusual IP addresses
- User account access from unexpected locations or devices
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=woo_slg_login_email containing email parameters
- Unusual authentication traffic patterns
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND action="woo_slg_login_email")
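As an added example (not from the advisory or the plugin vendor), the following Python flags requests matching the network indicator above over constructed JSON-lines request logs and surfaces source IPs that submit the social-login action for several distinct email addresses. It assumes a WAF or reverse proxy that records request bodies, because admin-ajax.php's action parameter is normally sent in the POST body and does not appear in a standard access log.

```python
import json
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample of JSON-lines request logs (as a WAF or proxy configured to
# record request bodies might emit). Illustrative records, not real traffic.
SAMPLE_LOG = """
{"ts":"2024-07-10T12:00:01Z","src_ip":"203.0.113.5","method":"POST","path":"/wp-admin/admin-ajax.php","query":"","body":"action=woo_slg_login_email&email=alice%40example.com"}
{"ts":"2024-07-10T12:00:02Z","src_ip":"203.0.113.5","method":"POST","path":"/wp-admin/admin-ajax.php","query":"","body":"action=woo_slg_login_email&email=bob%40example.com"}
{"ts":"2024-07-10T12:00:03Z","src_ip":"203.0.113.5","method":"POST","path":"/wp-admin/admin-ajax.php","query":"","body":"action=woo_slg_login_email&email=carol%40example.com"}
{"ts":"2024-07-10T12:00:04Z","src_ip":"198.51.100.9","method":"POST","path":"/wp-admin/admin-ajax.php","query":"action=heartbeat","body":""}
{"ts":"2024-07-10T12:00:05Z","src_ip":"198.51.100.9","method":"GET","path":"/wp-login.php","query":"","body":""}
"""

AJAX_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "woo_slg_login_email"  # action named in the advisory's network indicator


def request_params(rec):
    """Merge query-string and POST-body parameters; admin-ajax.php accepts either."""
    params = parse_qs(rec.get("query", ""))
    params.update(parse_qs(rec.get("body", "")))
    return params


def is_social_login_request(rec):
    """True when the request targets admin-ajax.php with the social-login action."""
    return rec.get("path") == AJAX_PATH and TARGET_ACTION in request_params(rec).get("action", [])


def detect(log_text, threshold=3):
    """Return (hits, bursty_ips): every matching record, plus source IPs that sent
    the action for at least `threshold` distinct email addresses, the pattern of
    one client trying many accounts rather than one user logging in."""
    hits, emails_by_ip = [], defaultdict(set)
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if not is_social_login_request(rec):
            continue
        hits.append(rec)
        for email in request_params(rec).get("email", []):
            emails_by_ip[rec["src_ip"]].add(email.lower())
    bursty = sorted(ip for ip, seen in emails_by_ip.items() if len(seen) >= threshold)
    return hits, bursty


if __name__ == "__main__":
    hits, bursty = detect(SAMPLE_LOG)
    print(f"{len(hits)} social-login requests; burst sources: {bursty}")
```

Tune `threshold` to the site's normal social-login volume; a single legitimate user rarely submits several different email addresses from one IP within a short window.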
🔗 References
- https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883
- https://www.wordfence.com/threat-intel/vulnerabilities/id/37836722-eb25-4393-8cdf-91057642ba3f?source=cve