Vulnerability Description
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for unauthenticated attackers to update order payment statuses to paid bypassing any payment.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/authorizenet-payment-gateway-for-wooc
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ab71d24-0409-421b-8ab
- https://plugins.trac.wordpress.org/browser/authorizenet-payment-gateway-for-wooc
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ab71d24-0409-421b-8ab
FAQ
What is CVE-2024-2382?
CVE-2024-2382 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the a...
How severe is CVE-2024-2382?
CVE-2024-2382 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-2382?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.