Количество 2
Количество 2
CVE-2020-8819
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
GHSA-5pq5-9phv-q5j3
CardGate Payments plugin for WooCommerce does not validate request origin
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-8819 An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. | CVSS3: 8.1 | 0% Низкий | почти 6 лет назад |
| GHSA-5pq5-9phv-q5j3 CardGate Payments plugin for WooCommerce does not validate request origin | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу