Revolut Gateway for WooCommerce < 4.9.8 – Missing Authorization | CVE 2023-52224 | Plugin Vulnerabilities

Description

The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wc_revolut_clear_records and wc_revolut_onboard_applepay_domain functions in versions up to, and including, 4.9.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear records and trigger applepay onboarding.

Affects Plugins

revolut-gateway-for-woocommerce

Fixed in 4.9.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/55827029-479e-4c4c-ba33-203075e1bbbc

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

4aba1f01-990b-4f3c-9e8f-07dadad88ff0

Timeline

Publicly Published

2024-01-08 (about 2 years ago)

Added

2024-03-12 (about 2 years ago)

Last Updated

2024-03-12 (about 2 years ago)

Other

Published

Title

Published

2026-01-16

Title

Wallet System for WooCommerce < 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation

Published

2025-04-01

Title

RestroPress <= 3.2.4.2 - Missing Authorization

Published

2024-07-26

Title

WooCommerce Product Table Lite < 3.8.6 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting

Published

2025-05-29

Title

Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

Published

2026-05-13

Title

User Registration & Membership < 5.1.6 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter