CVE-2023-3525 HIGH

CVE-2023-3525

Vendor Wanderlustcodes
Product Getnet Argentina para Woocommerce
Published July 12, 2023
Last update February 5, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.

Key dates

02Disclosure timeline

July 12, 2023 CVE published
February 5, 2025 Record updated