CVE-2023-52224 – WordPress Revolut Gateway for WooCommerce plugin <= 4.9.7 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-52224

Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. Vulnerabilidad de autorización faltante en Revolut Revolut Gateway para WooCommerce. Este problema afecta a Revolut Gateway para WooCommerce: desde n/a hasta 4.9.7. The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wc_revolut_clear_records and wc_revolut_onboard_applepay_domain functions in versions up to, and including, 4.9.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear records and trigger applepay onboarding. • https://patchstack.com/database/vulnerability/revolut-gateway-for-woocommerce/wordpress-revolut-gateway-for-woocommerce-plugin-4-9-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •