What the vulnerability does
01Description
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
Explanation of Vulnerability in Simple Terms
NOWPayments for WooCommerce versions up to 1.4.0 lack proper authorization checks, allowing unauthenticated attackers to modify payment-related data or settings. An attacker can send network requests without credentials to alter critical payment configuration. Site owners using this plugin should update immediately to prevent unauthorized changes to payment processing.
What an attacker can do
Modify payment settings or data without logging in.
Potential impact on your site
Attackers can alter payment configuration, potentially disrupting transactions or redirecting funds.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities