Описание
The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'check_fortis_notify_response' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order statuses to paid/processing/completed, effectively allowing them to mark orders as paid without payment.
The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'check_fortis_notify_response' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order statuses to paid/processing/completed, effectively allowing them to mark orders as paid without payment.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2026-0679
- https://plugins.trac.wordpress.org/browser/fortis-for-woocommerce/tags/1.2.0/classes/WC_Gateway_Fortis.php#L1674
- https://plugins.trac.wordpress.org/browser/fortis-for-woocommerce/trunk/classes/WC_Gateway_Fortis.php#L1674
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9f16c098-3e99-4506-b517-ae4b838a0925?source=cve
Связанные уязвимости
The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'check_fortis_notify_response' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order statuses to paid/processing/completed, effectively allowing them to mark orders as paid without payment.