8 matches found
CVE-2024-12264
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...
WordPress PayU CommercePro Plugin plugin <= 3.8.3 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin PayU India versions = 3.8.3...
CVE-2024-12264
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...
CVE-2024-12264 PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...
CVE-2024-12264 PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...
CVE-2024-12264
CVE-2024-12264 affects the PayU CommercePro Plugin for WordPress. All versions up to and including 3.8.3 are vulnerable to unauthenticated privilege escalation via /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost, allowing creation of new administrative user accounts. A...
WordPress plugin PayU CommercePro Plugin 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization iss...
PT-2025-1795 · Payu · Payu Commercepro Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: PayU CommercePro Plugin for WordPress versions up to, and including, 3.8.3 Description: The issue is due to the /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's...