1 results (0.003 seconds)
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1
CVE-2018-20782 – WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing
https://notcve.org/view.php?id=CVE-2018-20782
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. El plugin GloBee, en versiones anteriores a la 1.1.2 para WooCommerce, gestiona de manera incorrecta los mensajes IPN. WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities. • https://www.exploit-db.com/exploits/46414 https://github.com/GloBee-Official/woocommerce-payment-api-plugin/issues/3 https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2 • CWE-20: Improper Input Validation •