PayPal Brasil para WooCommerce Vulnerable to Missing Authorization Attack
CVE-2023-25026

4.3MEDIUM

Key Information:

Vendor
WordPress
Status
Paypal Brasil Para WooCommerce
Vendor
CVE Published:
9 December 2024

Summary

A missing authorization issue in PayPal Brasil para WooCommerce may allow unauthorized access due to incorrectly configured access control security levels. This vulnerability impacts versions of the plugin from n/a through 1.4.2, posing a risk to e-commerce platforms using this solution. When exploited, the vulnerability could enable attackers to manipulate or access sensitive information, highlighting the importance of maintaining proper security configurations to safeguard online transactions.

Affected Version(s)

PayPal Brasil para WooCommerce <= 1.4.2

References

https://patchstack.com/database/wordpress/plugin/paypal-b...
vdb-entry

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

István Márton (Patchstack Alliance)
.
CVE-2023-25026 : PayPal Brasil para WooCommerce Vulnerable to Missing Authorization Attack | SecurityVulnerability.io