
Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass

By kannthu

Critical
Vidoc Module
#woocommerce #wp #wpscan #wordpress #wp-plugin
Description

What is "Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass"?

The "Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass" module detects a vulnerability in the Email Verification for WooCommerce WordPress plugin. Versions before 1.8.2 process the alg_wc_ev_verify_email parameter, a base64-encoded JSON object carrying a user "id" and a verification "code", and check the supplied code against the stored one with PHP's loose comparison operator (==). Under PHP 7 and earlier, the integer 0 compares equal to an empty string and to any string that does not begin with a number, so a token carrying "code":0 passes the check against an unset code and against most stored codes, and the plugin logs the requester in as the chosen user. With "id":1 that is normally the site's first administrator account, so an unauthenticated visitor can log in as an administrator.

The vulnerability is rated critical: it yields administrative access to anyone who can reach the site, with no credentials and no user interaction. The module was authored by random_robbie and daffianfo.

Impact

If successfully exploited, this vulnerability allows an unauthenticated attacker to log in as any user whose ID they choose, including the administrator, on the affected WooCommerce installation. This can lead to unauthorized access to sensitive customer and order data, modification of settings, installation of malicious plugins or themes, and compromise of the entire WordPress site.

How does the module work?

The module works by sending HTTP requests to specific paths associated with the Email Verification for WooCommerce plugin. It then applies a series of matching conditions to determine if the vulnerability is present.

One example of an HTTP request sent by the module is:

GET /my-account/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0=

The parameter value is base64 for {"id":1,"code":0}: target user ID 1 (usually the first administrator) with the integer verification code 0 that triggers the loose-comparison bug.

The module applies the following matching conditions:

- The response headers must set a cookie whose name matches the regular expression wordpress_logged_in_[a-z0-9]{32} (the cookie WordPress issues on a successful login; the 32-character suffix is the site's cookie hash)
- The response body must contain both phrases "Your account has been activated!" and "From your account dashboard you can view your"
- The response status code must be 200

If all three conditions are met, the module reports the vulnerability. Two caveats apply. First, the check is not a passive version fingerprint: a match means the target actually performed the bypass and handed the scanner a valid login cookie for user ID 1, so run the module only against sites you are authorised to test. Second, both body phrases are default texts (the plugin's activation notice and WooCommerce's My Account dashboard copy), so a site that customises either can produce a false negative even though the login cookie was issued; conversely, a PHP 8 host can fail the check while running a vulnerable plugin version, because PHP 8 no longer treats the integer 0 as equal to an empty or non-numeric string.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/my-account/?alg_wc_.../?alg_wc_ev_verify_e...
Matching conditions
regex: wordpress_logged_in_[a-z0-9]{32} and
word: Your account has been activated!, From y... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability