What the vulnerability does
01Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through <= 2.7.13.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through <= 2.7.13.
Explanation of Vulnerability in Simple Terms
WP SmartPay versions 2.7.13 and earlier contain an authentication bypass vulnerability. An attacker with low-level user access can read, modify, or delete sensitive data and disrupt site functionality. The vulnerability requires only network access and valid user credentials to exploit. Site administrators should update immediately to a version newer than 2.7.13.
What an attacker can do
Read, modify, or delete sensitive data; disrupt site availability with valid user credentials.
Potential impact on your site
Authenticated users can access restricted functions, compromise data integrity, or cause service disruption.
Conditions required to exploit
Attacker must have low-level user account on the site; no user interaction required.
Key dates
External resources