Optimizely Configured Commerce Account Creation Vulnerability in B2B Application

Vulnerability

A vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, where the B2B application does not require email confirmation for newly created accounts. This issue allows for the mass creation of accounts, potentially impacting database storage and leading to the creation of unsolicited storefront accounts on behalf of visitors.

Impact

The vulnerability could be exploited to create multiple accounts without email verification, potentially leading to an accumulation of unverified accounts in the database and the creation of accounts on behalf of visitors in the storefront.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.