Vulnerabilities > CVE-2023-5132 - Missing Authorization vulnerability in Soisy Pagamento Rateale

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

soisy

CWE-862

NVD

Published: 2023-10-21

Updated: 2023-11-07

Summary

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).

Vulnerable Configurations

Part	Description	Count
Application	Soisy Soisy Soisy Pagamento Rateale - Soisy Soisy Pagamento Rateale 5.1.0 Soisy Soisy Pagamento Rateale 5.2.0 Soisy Soisy Pagamento Rateale 5.2.1 Soisy Soisy Pagamento Rateale 5.2.2 Soisy Soisy Pagamento Rateale 5.2.3 Soisy Soisy Pagamento Rateale 5.2.4 Soisy Soisy Pagamento Rateale 5.3.2 Soisy Soisy Pagamento Rateale 5.6.2 Soisy Soisy Pagamento Rateale 5.6.3 Soisy Soisy Pagamento Rateale 5.6.5 Soisy Soisy Pagamento Rateale 5.6.6 Soisy Soisy Pagamento Rateale 5.7.0 Soisy Soisy Pagamento Rateale 5.7.4 Soisy Soisy Pagamento Rateale 6.0.0 Soisy Soisy Pagamento Rateale 6.0.1	16

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References