CVE-2024-3934 (GCVE-0-2024-3934)
Vulnerability from nvd – Published: 2024-07-20 03:20 – Updated: 2024-08-01 20:26
Title
Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download
Summary
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to path traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. An authenticated attacker with Subscriber-level access or above can download and read the contents of arbitrary files on the server, which can contain sensitive information. Note the two-stage fix: the path traversal in the download routine was patched in 7.5.1, but the missing authorization (capability) check that let Subscriber-level users reach the log download at all was not corrected until 7.6.2 — which is why the affected range runs through 7.6.1. Sites should update to 7.6.2 or later; versions 7.5.1–7.6.1 still expose the plugin's log download to low-privileged users even though the arbitrary file download itself is closed. The published text names 7.5.1 both as the last traversable version and as the fixing version; confirm the exact boundary against the referenced Downloader.php changesets before triaging an install at exactly 7.5.1.
Severity (CVSS v3.1 base score)
6.5 (Medium) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (network-reachable, low attack complexity, low privileges required, no user interaction; high confidentiality impact, no integrity or availability impact). CISA SSVC assessment (2024-07-29): Exploitation none, Automatable no, Technical Impact partial.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Wordfence (CNA)
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve (advisory)
- https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663 (vulnerable call site)
- https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706&old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php (path-traversal fix)
- https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278&old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php (authorization fix, 7.6.1 → 7.6.2)
Impacted products
| Vendor | Product | Affected versions | Version type |
|---|---|---|---|
| claudiosanches | Mercado Pago payments for WooCommerce | 7.3.0 through 7.6.1 (inclusive); other versions unaffected by default | semver |
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T15:53:28.693672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T15:53:36.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706\u0026old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278\u0026old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mercado Pago payments for WooCommerce",
"vendor": "claudiosanches",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. The arbitrary file download was patched in 7.5.1, while the missing authorization was corrected in version 7.6.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-20T03:20:31.151Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706\u0026old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278\u0026old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-19T15:14:26.000+00:00",
"value": "Disclosed"
}
],
"title": "Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3934",
"datePublished": "2024-07-20T03:20:31.151Z",
"dateReserved": "2024-04-17T17:11:11.221Z",
"dateUpdated": "2024-08-01T20:26:57.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3934 (GCVE-0-2024-3934)
Vulnerability from cvelistv5 – Published: 2024-07-20 03:20 – Updated: 2024-08-01 20:26
Title
Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download
Summary
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to path traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. An authenticated attacker with Subscriber-level access or above can download and read the contents of arbitrary files on the server, which can contain sensitive information. Note the two-stage fix: the path traversal in the download routine was patched in 7.5.1, but the missing authorization (capability) check that let Subscriber-level users reach the log download at all was not corrected until 7.6.2 — which is why the affected range runs through 7.6.1. Sites should update to 7.6.2 or later; versions 7.5.1–7.6.1 still expose the plugin's log download to low-privileged users even though the arbitrary file download itself is closed. The published text names 7.5.1 both as the last traversable version and as the fixing version; confirm the exact boundary against the referenced Downloader.php changesets before triaging an install at exactly 7.5.1.
Severity (CVSS v3.1 base score)
6.5 (Medium) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (network-reachable, low attack complexity, low privileges required, no user interaction; high confidentiality impact, no integrity or availability impact). CISA SSVC assessment (2024-07-29): Exploitation none, Automatable no, Technical Impact partial.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Wordfence (CNA)
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve (advisory)
- https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663 (vulnerable call site)
- https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706&old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php (path-traversal fix)
- https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278&old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php (authorization fix, 7.6.1 → 7.6.2)
Impacted products
| Vendor | Product | Affected versions | Version type |
|---|---|---|---|
| claudiosanches | Mercado Pago payments for WooCommerce | 7.3.0 through 7.6.1 (inclusive); other versions unaffected by default | semver |
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T15:53:28.693672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T15:53:36.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706\u0026old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278\u0026old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mercado Pago payments for WooCommerce",
"vendor": "claudiosanches",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. The arbitrary file download was patched in 7.5.1, while the missing authorization was corrected in version 7.6.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-20T03:20:31.151Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706\u0026old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278\u0026old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-19T15:14:26.000+00:00",
"value": "Disclosed"
}
],
"title": "Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3934",
"datePublished": "2024-07-20T03:20:31.151Z",
"dateReserved": "2024-04-17T17:11:11.221Z",
"dateUpdated": "2024-08-01T20:26:57.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}