CVE-2018-20782 – WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing

https://notcve.org/view.php?id=CVE-2018-20782

The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. El plugin GloBee, en versiones anteriores a la 1.1.2 para WooCommerce, gestiona de manera incorrecta los mensajes IPN. WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities. • https://www.exploit-db.com/exploits/46414 https://github.com/GloBee-Official/woocommerce-payment-api-plugin/issues/3 https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2 • CWE-20: Improper Input Validation •