
Critical Authentication Bypass in Booster for WooCommerce

Allows an attacker to sign in as admin (from Wordfence.com)

Moments ago the Wordfence Threat Intelligence Team published details of a vulnerability in the Booster for WooCommerce plugin. This vulnerability allows an attacker to gain admin access to a WordPress site by initiating an email verification request, then crafting the verification URL themselves, and using that URL to automatically log in as the site admin.

You can find out which versions are affected, how to protect yourself against this vulnerability, and all the technical details on the Wordfence Blog.
