What the vulnerability does
01Description
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
Explanation of Vulnerability in Simple Terms
Montonio for WooCommerce versions up to 10.1.2 lack proper authorization checks on certain functions. An attacker can modify payment data or transaction records without authentication. This affects the integrity of orders and financial records in WooCommerce stores using this payment gateway plugin.
What an attacker can do
Modify payment records or transaction data without logging in.
Potential impact on your site
Attackers can alter order totals, payment status, or transaction history without your knowledge.
Conditions required to exploit
Network access to the WooCommerce site; no authentication required.
Key dates
External resources
Related vulnerabilities