3 matches found
CVE-2024-12264
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...
CVE-2024-12264
creationtimestamp| type| source ---|---|--- 2025-01-07 04:37:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/314 2025-01-07 05:16:49+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vh3q6mz2m 2025-01-07 05:48:08+00:00| seen|...
CVE-2024-12264 PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...