CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce woo-payrexx-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payrexx Payment Gateway for WooCommerce: from n/a through <= 3.1.5.
Explanation of Vulnerability in Simple Terms
The Payrexx Payment Gateway for WooCommerce plugin does not properly check user permissions before allowing certain actions. An authenticated user with low privileges can modify data they should not have access to. This affects versions up to 3.1.5. Site owners should update to a version newer than 3.1.5 as soon as possible.
What an attacker can do
Modify payment or transaction data without proper authorization.
Potential impact on your site
Unauthorized users could alter payment records, potentially affecting transaction integrity and financial reporting.
Conditions required to exploit
Attacker must have a low-privilege account on the site (e.g., subscriber or customer role).
Key dates
External resources
Related vulnerabilities
