4 matches found
CVE-2024-0631
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.6. This makes it possible for unauthenticated attackers to change the payment status ...
CVE-2024-0631 Duitku Payment Gateway <= 2.11.6 - Missing Authorization via check_duitku_response
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.6. This makes it possible for unauthenticated attackers to change the payment status ...
CVE-2024-0631
The CVE refers to the Duitku Payment Gateway WordPress plugin (WordPress) with a vulnerable check_duitku_response function. The issue is due to a missing capability check that affects all versions up to and including 2.11.4, allowing unauthenticated attackers to modify data and set payments to fa...
WordPress Duitku Payment Gateway Plugin <= 2.11.6 is vulnerable to Broken Access Control
Software Duitku Payment Gateway Type Plugin Vulnerable versions = 2.11.6 Fixed in 2.11.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0631 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 48de9cbc8e6d Credits Francesco Carlucci...