CVE-2023-3525

Опубликовано: 12 июл. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.

Ссылки

https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve
Third Party Advisory
https://www.youtube.com/watch?v=xTyWqh93AM0
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve
Third Party Advisory
https://www.youtube.com/watch?v=xTyWqh93AM0
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getnet_argentina_para_woocommerce_project:getnet_argentina_para_woocommerce:*:*:*:*:*:wordpress:*:*

Версия от 0.0.1 (включая) до 0.0.5 (исключая)

EPSS

Процентиль: 25%

0.00085

Низкий

7.5 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-wvgj-qhvv-w9q3