vulnrichment / Wordfence / VULNRICHMENT:CVE-2023-7294
History: Oct 16, 2024 - 6:43 a.m.

CVE-2023-7294 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'

2024-10-16 06:43:46
CWE-862
Wordfence
github.com
2
cve-2023-7294
paytium
mollie
wordpress
unauthorized data modification
capability check
create_mollie_profile

CVSS3: 7.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

AI Score: 6.7
Confidence: Low

EPSS: 0.001
Percentile: 16.9%

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a Mollie payment profile.
