WordPress Plugin Vulnerabilities

PlatiOnline Payments < 7.0.1 - Missing Authorization

Description

The PlatiOnline Payments plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Fixed in 7.0.1

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
norahc
Verified
No

Timeline

Publicly Published
2025-06-27 (about 1 year ago)
Added
2025-07-02 (about 1 year ago)
Last Updated
2026-01-13 (about 5 months ago)

Other