PayU CommercePro Plugin < 3.8.4 – Unauthenticated Privilege Escalation | CVE 2024-12264 | Plugin Vulnerabilities

Description

The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts.

Affects Plugins

Fixed in 3.8.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/bf037e4a-2dd7-4296-b86b-635901d2d68f

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

6480537c-1807-451a-8ba8-263870e5c9a3

Timeline

Publicly Published

2025-01-06 (about 1 year ago)

Added

2025-01-06 (about 1 year ago)

Last Updated

2025-03-13 (about 1 year ago)

Other

Published

Title

Published

2023-07-18

Title

OAuth Single Sign On – SSO (OAuth Client) < 6.23.4 - Improper Authentication

Published

2021-10-11

Title

Pie Register < 3.1.7.6 - Unauthenticated Arbitrary Login

Published

2021-07-20

Title

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

Published

2025-02-26

Title

Login Me Now < 1.7.3 - Authentication Bypass

Published

2023-11-27

Title

Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export