2 matches found
CVE-2024-0619
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the paymentcallback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...
WordPress Payflex Payment Gateway Plugin <= 2.5.0 is vulnerable to Broken Access Control
Software Payflex Payment Gateway Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.6.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0619 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID acb69f184f3c Credits Francesco Carlucci...