Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Getnet Argentina para Woocommerce by wanderlustcodes

    CVE-2023-3525 (GCVE-0-2023-3525)

    Vulnerability from nvd – Published: 2023-07-12 04:38 – Updated: 2025-02-05 19:41
    VLAI
    Summary
    The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    wanderlustcodes Getnet Argentina para Woocommerce Affected: 0.0.1 , ≤ 0.0.4 (semver)
    Create a notification for this product.
    Credits
    Kijam López
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=xTyWqh93AM0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T18:38:34.966978Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T19:41:35.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Getnet Argentina para Woocommerce",
              "vendor": "wanderlustcodes",
              "versions": [
                {
                  "lessThanOrEqual": "0.0.4",
                  "status": "affected",
                  "version": "0.0.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kijam L\u00f3pez"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the \u0027webhook\u0027 function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to \u0027APPROVED\u0027 without payment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-12T04:38:43.519Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve"
            },
            {
              "url": "https://www.youtube.com/watch?v=xTyWqh93AM0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-07T00:00:00.000Z",
              "value": "Disclosed"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-3525",
        "datePublished": "2023-07-12T04:38:43.519Z",
        "dateReserved": "2023-07-06T13:31:01.859Z",
        "dateUpdated": "2025-02-05T19:41:35.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3525 (GCVE-0-2023-3525)

    Vulnerability from cvelistv5 – Published: 2023-07-12 04:38 – Updated: 2025-02-05 19:41
    VLAI
    Summary
    The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    wanderlustcodes Getnet Argentina para Woocommerce Affected: 0.0.1 , ≤ 0.0.4 (semver)
    Create a notification for this product.
    Credits
    Kijam López
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=xTyWqh93AM0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T18:38:34.966978Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T19:41:35.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Getnet Argentina para Woocommerce",
              "vendor": "wanderlustcodes",
              "versions": [
                {
                  "lessThanOrEqual": "0.0.4",
                  "status": "affected",
                  "version": "0.0.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kijam L\u00f3pez"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the \u0027webhook\u0027 function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to \u0027APPROVED\u0027 without payment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-12T04:38:43.519Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve"
            },
            {
              "url": "https://www.youtube.com/watch?v=xTyWqh93AM0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-07T00:00:00.000Z",
              "value": "Disclosed"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-3525",
        "datePublished": "2023-07-12T04:38:43.519Z",
        "dateReserved": "2023-07-06T13:31:01.859Z",
        "dateUpdated": "2025-02-05T19:41:35.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }