CVE-2024-0629 – 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins

https://notcve.org/view.php?id=CVE-2024-0629

The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid. El complemento 2Checkout Payment Gateway para WooCommerce para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función sniff_ins en todas las versiones hasta la 6.2 incluida. Esto hace posible que atacantes no autenticados realicen cambios en los pedidos y los marquen como pagados. • https://wordpress.org/plugins/woocommerce-2checkout-payment https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve • CWE-862: Missing Authorization •