WordPress Plugin Vulnerabilities

Getnet Argentina para Woocommerce < 0.0.5 - Unauthenticated Authorization Bypass

Description

The plugin does not perform adequate validation on the 'webhook' function, which can lead to an unauthenticated user changing their payment status to 'APPROVED' without making an actual payment.

Affects Plugins

Plugin icon
integrar-getnet-con-woo
Fixed in 0.0.5

References

CVE
CVE-2023-3525
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Kijam López
Verified
No
WPVDB ID
4d038a4d-4d11-40b2-a1a5-ba5f6d8c32d1

Timeline

Publicly Published
2023-07-07 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-19 (about 2 years ago)

Other

Published
Title
Published
2024-04-15
Title
Login with phone number < 1.7.17 - Unauthorized Account Password Change to Privilege Escalation
Published
2025-02-23
Title
Amelia < 1.2.17 - Unauthenticated Insecure Direct Object Reference
Published
2026-04-15
Title
FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration < 1.91.3 - Authenticated (Board Member+) Insecure Direct Object Reference
Published
2025-10-17
Title
Image optimization service by Optimole < 4.1.1 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload
Published
2024-12-11
Title
Greenshift – animation and page builder blocks < 9.9.9.4 - Authenticated (Contributor+) Post Disclosure