Lucene search

PRIOn knowledge basePRION:CVE-2023-3525

HistoryJul 12, 2023 - 5:15 a.m.

Authorization

2023-07-1205:15:00

PRIOn knowledge base

www.prio-n.com

getnet argentina

plugin

authorization bypass

wordpress

vulnerability

unauthenticated attackers

payment status

nvd

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the ‘webhook’ function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to ‘APPROVED’ without payment.

CPENameOperatorVersion
getnet_argentina_para_woocommercege0.0.1
getnet_argentina_para_woocommercelt0.0.5

CPE	Name	Operator	Version
	getnet_argentina_para_woocommerce	ge	0.0.1
	getnet_argentina_para_woocommerce	lt	0.0.5

References

www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve

www.youtube.com/watch?v=xTyWqh93AM0