WordPress Plugin Vulnerabilities
WooCommerce < 6.3.1 - Orders Marked as Paid (via PayPal Standard Gateway)
Description
The PayPal Standard payment gateway (deprecated since July 2021) of the plugin could allow attackers to mark an order as paid without actually making a payment, when PDT is enabled.
Affects Plugins
References
Classification
Type
INCORRECT AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-03-10 (about 2 years ago)
Added
2022-03-10 (about 2 years ago)
Last Updated
2022-04-17 (about 2 years ago)