CVE-2023-3525

Exploit

EPSS 0.64%
Veröffentlicht 12.07.2023 05:15:10
Zuletzt bearbeitet 21.11.2024 08:17:27
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Getnet Argentina para Woocommerce 0.0.1 - 0.0.4 - Authorization Bypass via webhook

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.

Mögliche Gegenmaßnahme

Getnet Argentina para WooCommerce: Update to version 0.0.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getnet Argentina Para Woocommerce Project ≫ Getnet Argentina Para Woocommerce SwPlatformwordpress Version >= 0.0.1 < 0.0.5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Getnet Argentina para WooCommerce

Version 0.0.1-0.0.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.457

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve

Third Party Advisory

https://www.youtube.com/watch?v=xTyWqh93AM0

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3525

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3525

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3525

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3525