CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3525

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.0%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2023-3525

Getnet Argentina Para Woocommerce Project » Getnet Argentina Para Woocommerce » Version: 0.0.1

cpe:2.3:a:getnet_argentina_para_woocommerce_project:getnet_argentina_para_woocommerce:0.0.1
Getnet Argentina Para Woocommerce Project » Getnet Argentina Para Woocommerce » Version: 0.0.2

cpe:2.3:a:getnet_argentina_para_woocommerce_project:getnet_argentina_para_woocommerce:0.0.2
Getnet Argentina Para Woocommerce Project » Getnet Argentina Para Woocommerce » Version: 0.0.3

cpe:2.3:a:getnet_argentina_para_woocommerce_project:getnet_argentina_para_woocommerce:0.0.3
Getnet Argentina Para Woocommerce Project » Getnet Argentina Para Woocommerce » Version: 0.0.4

cpe:2.3:a:getnet_argentina_para_woocommerce_project:getnet_argentina_para_woocommerce:0.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3525

Products

Pricing

Contact Us