CVE Published: 12/07/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: Wordfence |
Vendor: wanderlustcodes |
Product: Getnet Argentina para Woocommerce Status : PUBLISHED
CVE-2023-3525 Description
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the \'webhook\' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to \'APPROVED\' without payment.
Metrics
CVSS Version: 3.1 |
Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N