What the vulnerability does
01Description
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
Explanation of Vulnerability in Simple Terms
Redsys for WooCommerce Light versions up to 7.0.0 lack proper authorization checks on sensitive operations. An attacker can modify payment-related data or settings without authentication. This affects the integrity of transaction records and store configuration. Update to a version newer than 7.0.0.
What an attacker can do
Modify payment settings or transaction data without logging in.
Potential impact on your site
Attackers can alter payment configurations, potentially redirecting funds or corrupting transaction records.
Conditions required to exploit
Network access to the WooCommerce site; no authentication required.
Key dates
External resources
Related vulnerabilities