2 vulnerabilities by PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş.
CVE-2023-47847 (GCVE-0-2023-47847)
Vulnerability from cvelistv5 – Published: 2024-12-09 11:30 – Updated: 2024-12-10 16:54
Title
WordPress PayTR Taksit Tablosu plugin <= 1.3.1 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayTR Taksit Tablosu: from n/a through 1.3.1.
Severity (CVSS 3.1)
5.3 (Medium) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
- CWE-862 - Missing Authorization
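Assigner
Patchstack
References
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/paytr-taksit-tablosu-woocommerce/vulnerability/wordpress-paytr-taksit-tablosu-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve | vdb-entry |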
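Impacted products
| Vendor | Product | Version |
|---|---|---|
| PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. | PayTR Taksit Tablosu | Affected: n/a, ≤ 1.3.1 (custom) |

Note: the record's version data marks 1.3.2 as unaffected, while its solution text states that no patched version is available and that the plugin was closed on November 17, 2023. Confirm which applies before relying on an upgrade as the remediation.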
Credits
Abdi Pranata (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T22:09:53.928097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:54:55.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "paytr-taksit-tablosu-woocommerce",
"product": "PayTR Taksit Tablosu",
"vendor": "PayTR \u00d6deme ve Elektronik Para Kurulu\u015fu A.\u015e.",
"versions": [
{
"changes": [
{
"at": "1.3.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in PayTR \u00d6deme ve Elektronik Para Kurulu\u015fu A.\u015e. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects PayTR Taksit Tablosu: from n/a through 1.3.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in PayTR \u00d6deme ve Elektronik Para Kurulu\u015fu A.\u015e. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayTR Taksit Tablosu: from n/a through 1.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T11:30:35.642Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/paytr-taksit-tablosu-woocommerce/vulnerability/wordpress-paytr-taksit-tablosu-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No patched version is available. This plugin has been closed as of November 17, 2023 and is not available for download. This closure is temporary, pending a full review."
}
],
"value": "No patched version is available. This plugin has been closed as of November 17, 2023 and is not available for download. This closure is temporary, pending a full review."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress PayTR Taksit Tablosu plugin \u003c= 1.3.1 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-47847",
"datePublished": "2024-12-09T11:30:35.642Z",
"dateReserved": "2023-11-13T01:08:38.451Z",
"dateUpdated": "2024-12-10T16:54:55.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49853 (GCVE-0-2023-49853)
Vulnerability from cvelistv5 – Published: 2023-12-18 14:33 – Updated: 2024-08-02 22:01
Title
WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1.
Severity (CVSS 3.1)
5.4 (Medium) – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
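Assigner
Patchstack
References
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/paytr-taksit-tablosu-woocommerce/wordpress-paytr-taksit-tablosu-woocommerce-plugin-1-3-1-broken-authentication-vulnerability?_s_id=cve | vdb-entry |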
Impacted products
| Vendor | Product | Version |
|---|---|---|
| PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. | PayTR Taksit Tablosu – WooCommerce | Affected: n/a, ≤ 1.3.1 (custom) |

Note: the record as shown names no fixed version and carries no solution text.
Credits
qilin_99 (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/paytr-taksit-tablosu-woocommerce/wordpress-paytr-taksit-tablosu-woocommerce-plugin-1-3-1-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "paytr-taksit-tablosu-woocommerce",
"product": "PayTR Taksit Tablosu \u2013 WooCommerce",
"vendor": "PayTR \u00d6deme ve Elektronik Para Kurulu\u015fu A.\u015e.",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "qilin_99 (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PayTR \u00d6deme ve Elektronik Para Kurulu\u015fu A.\u015e. PayTR Taksit Tablosu \u2013 WooCommerce.\u003cp\u003eThis issue affects PayTR Taksit Tablosu \u2013 WooCommerce: from n/a through 1.3.1.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PayTR \u00d6deme ve Elektronik Para Kurulu\u015fu A.\u015e. PayTR Taksit Tablosu \u2013 WooCommerce.This issue affects PayTR Taksit Tablosu \u2013 WooCommerce: from n/a through 1.3.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T14:33:57.484Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/paytr-taksit-tablosu-woocommerce/wordpress-paytr-taksit-tablosu-woocommerce-plugin-1-3-1-broken-authentication-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress PayTR Taksit Tablosu Plugin \u003c= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49853",
"datePublished": "2023-12-18T14:33:57.484Z",
"dateReserved": "2023-11-30T17:13:03.350Z",
"dateUpdated": "2024-08-02T22:01:26.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}