Unauthorized Data Modification Vulnerability in Mollie Payment Forms & Donations Plugin

CVE-2023-7294
6.5MEDIUM

Key Information

Vendor
Paytiumsupport
Status
Paytium: Mollie Payment Forms & Donations
Vendor
CVE Published:
16 October 2024

Summary

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile.

Affected Version(s)

Paytium: Mollie payment forms & donations <= 4.3.7

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

  • Disclosed

Collectors

NVD DatabaseMitre Database
.