Description

WordPress Plugin Authorize.net Payment Gateway For WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently complete orders and buy items for free. WordPress Plugin Authorize.net Payment Gateway For WooCommerce version 2.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.0 or latest

References

http://www.vmirgorod.name/blog/buying-goods-free-through-authorizenet-payment-gateway-plugin-woocommerce

https://wordpress.org/support/topic/major-vulnerability-in-this-module

Related Vulnerabilities

Magento CVE-2020-3718 Vulnerability (CVE-2020-3718)

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6)

WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.0.3.2)

Oracle JRE CVE-2013-2439 Vulnerability (CVE-2013-2439)

WordPress Plugin Add Link to Facebook Cross-Site Scripting (2.2.7)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass