CVE-2024-55996 – WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-55996

14 Dec 2024 — Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6. The Payment Gateway Per Product for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.6. This makes it possible for unau... • https://patchstack.com/database/wordpress/plugin/woocommerce-product-payments/vulnerability/wordpress-payment-gateway-per-product-for-woocommerce-plugin-3-5-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •