Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-34646 PoC — Booster for WooCommerce <= 5.4.3 Authentication Bypass

Source
https://github.com/motikan2010/CVE-2021-34646
Associated Vulnerability
Title:Booster for WooCommerce <= 5.4.3 Authentication Bypass (CVE-2021-34646)
Description:Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.
Description
CVE-2021-34646 PoC
Readme
# CVE-2021-34646 PoC

this vulnerability detail by NVD
> Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.

## Using

```
1. Edit "CVE-2021-34646.py" file.

2. Run script. "python CVE-2021-34646.py"

3. Access to "Authenticated URL".
```

## Reference

- Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce  
https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce/
- NVD - CVE-2021-34646  
https://nvd.nist.gov/vuln/detail/CVE-2021-34646
File Snapshot

 [4.0K]  /data/pocs/ccc6ee560c8eb2c146bf6e9268d5e16cbecae822
├── [ 866]  CVE-2021-34646.py
└── [1.2K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →