{"vulnerability": "CVE-2024-13528", "sightings": [{"uuid": "6a8f59a7-6fc8-46f0-80d5-d79a00d11d8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13528", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4068", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13528\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T10:15:12.130\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/emails-verification-for-woocommerce/tags/2.9.2/includes/class-alg-wc-ev-emails.php#L151\n2. https://plugins.trac.wordpress.org/changeset/3238136/\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/0b3798e3-45fe-4829-9012-dc728d4af87f?source=cve", "creation_timestamp": "2025-02-12T11:10:45.000000Z"}, {"uuid": "ead8ef04-e4d9-49f1-b7c4-178993f19db5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13528", "type": "seen", "source": "https://t.me/cvedetector/17838", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13528 - WooCommerce WordPress Customer Email Verification Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-13528 \nPublished : Feb. 12, 2025, 10:15 a.m. | 37\u00a0minutes ago \nDescription : The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticated attackers, with Contributor-level access and above, to generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings in order to exploit the vulnerability. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T12:41:39.000000Z"}, {"uuid": "6513380e-38de-4376-a153-1aa9fed64779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13528", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990323173619602", "content": "", "creation_timestamp": "2025-02-12T09:58:17.036200Z"}, {"uuid": "a63e6aaf-5481-4d08-8e2e-4fc6dc64802c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13528", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxjn45p2x", "content": "", "creation_timestamp": "2025-02-12T10:16:10.871111Z"}, {"uuid": "cd7dde6d-8196-4096-b47a-83f5d1762b4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13528", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhyemcnecv2w", "content": "", "creation_timestamp": "2025-02-12T14:20:30.355568Z"}, {"uuid": "e5b09b66-54e9-4988-ba8e-d7e10dfc27f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13528", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4094", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13528\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticated attackers, with Contributor-level access and above, to generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings in order to exploit the vulnerability.\n\ud83d\udccf Published: 2025-02-12T12:30:47Z\n\ud83d\udccf Modified: 2025-02-12T12:30:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13528\n2. https://plugins.trac.wordpress.org/browser/emails-verification-for-woocommerce/tags/2.9.2/includes/class-alg-wc-ev-emails.php#L151\n3. https://plugins.trac.wordpress.org/changeset/3238136\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/0b3798e3-45fe-4829-9012-dc728d4af87f?source=cve", "creation_timestamp": "2025-02-12T13:11:27.000000Z"}]}