CVE-2024-2382
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for unauthenticated attackers to update order payment statuses to paid bypassing any payment.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ishanverma | Authorize.net Payment Gateway For WooCommerce | 0 <= 8.0 | affected |
Weaknesses
- CWE-345: CWE-345 Insufficient Verification of Data Authenticity
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ab71d24-0409-421b-8abf-f4d5390a32a1?source=cve
- https://plugins.trac.wordpress.org/browser/authorizenet-payment-gateway-for-woocommerce/trunk/index.php#L205
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ab71d24-0409-421b-8abf-f4d5390a32a1?source=cve
- https://plugins.trac.wordpress.org/browser/authorizenet-payment-gateway-for-woocommerce/trunk/index.php#L205
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.