CVE-2018-21007
CRITICAL
woo-confirmation-email < 3.2.0 - Unauthenticated Improper Access Control
Title source: llm
Description
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
References (2)
Core References
Release Notes x_refsource_misc
https://wordpress.org/plugins/woo-confirmation-email/#developers
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9847
Scores
CVSS v3
9.8
EPSS
0.0195
EPSS Percentile
77.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
wisetr/user_email_verification_for_woocommerce
< 3.2.0
Published
Aug 29, 2019
Tracked Since
Feb 18, 2026