Vulnerability Description
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getnet Argentina Para Woocommerce Project | Getnet Argentina Para Woocommerce | >= 0.0.1, < 0.0.5 |
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a09 (Third Party Advisory)
- https://www.youtube.com/watch?v=xTyWqh93AM0 (Exploit)
FAQ
What is CVE-2023-3525?
CVE-2023-3525 is a vulnerability with a CVSS score of 7.5 (HIGH). The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes...
How severe is CVE-2023-3525?
CVE-2023-3525 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-3525?
Check the references section above for vendor advisories and patch information. Affected products include: Getnet Argentina Para Woocommerce (vendor: Getnet Argentina Para Woocommerce Project).