What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through <= 8.7.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through <= 8.7.5.
Explanation of Vulnerability in Simple Terms
Checkout Mestres WP versions 8.7.5 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, and disrupt service. No user interaction is required; the vulnerability is exploitable over the network. All sites running affected versions require immediate patching.
What an attacker can do
Read sensitive data, modify content, and disrupt the site without authentication.
Potential impact on your site
Attackers can steal customer data, alter checkout flows, and take the site offline without warning.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities