WordPress Plugin Vulnerabilities

BitPay Checkout for WooCommerce < 5.0.0 - Missing Authorization

Description

The BitPay Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
bitpay-checkout-for-woocommerce
Fixed in 5.0.0

References

CVE
CVE-2023-41803
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea489c69-d4d9-4e05-8cac-25fd17d48506

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (Medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
47a32dc3-03d3-4a28-9672-0cc8cc951d04

Timeline

Publicly Published
2023-09-05 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-04 (about 2 years ago)

Other

Published
Title
Published
2025-12-15
Title
MailerLite - WooCommerce integration < 3.1.4 - Missing Authorization to Data Deletion
Published
2023-09-04
Title
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Sensitive Information Exposure
Published
2025-04-30
Title
Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
Published
2026-02-11
Title
LearnPress Export Import < 4.1.1 - Missing Authentication to Unauthenticated Migrated Course Deletion
Published
2024-10-25
Title
Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image