CVE Vulnerabilities

CVE-2023-3525

Published: Jul 12, 2023 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the webhook function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to APPROVED without payment.

Affected Software

Name Vendor Start Version End Version
Getnet_argentina_para_woocommerce Getnet_argentina_para_woocommerce_project 0.0.1 (including) 0.0.5 (excluding)

References