Vulnerabilities > CVE-2023-4948 - Unspecified vulnerability in Yanco Woocommerce CVR Payment Gateway 6.1.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update CVR numbers for orders.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- https://plugins.yanco.dk/product/woocommerce-cvr-payment-gateway/
- https://plugins.yanco.dk/product/woocommerce-cvr-payment-gateway/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f72ba0e2-a9c4-43b0-a01f-185554090162?source=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f72ba0e2-a9c4-43b0-a01f-185554090162?source=cve