Unauthorized Access to Sensitive Information via Insufficient Access Controls
CVE-2024-38747

7.5HIGH

Key Information:

Vendor: Hitpay Payment Solutions Pte Ltd
Status: Hitpay Payment Gateway For WooCommerce
Vendor: CVE Published:; 13 August 2024

Summary

A vulnerability in HitPay Payment Gateway for WooCommerce allows unauthorized access to sensitive information due to inadequate access controls. This issue permits unauthorized actors to exploit functionalities that are not properly constrained, potentially leading to the exposure of confidential user data. The impacted versions include all versions up to 4.1.3, which emphasizes the need for immediate attention and security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

HitPay Payment Gateway for WooCommerce <= 4.1.3

References

https://patchstack.com/database/vulnerability/hitpay-paym...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 19, 2024

Credit

Joshua Chan (Patchstack Alliance)