CVE-2023-4948
CVE-2023-4948 affects the WooCommerce CVR Payment Gateway plugin for WordPress up to version 6.1.0 . The issue is a missing capability check on the refresh_order_cvr_data AJAX action, allowing authenticated attackers with contributor-level access and above to update CVR numbers for orders. The vu...