CVE-2023-51503
WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)
Public Exploits: 0
Exploited in Wild: -
Descriptions
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.
The WooPayments – Fully Integrated Solution Built and Supported by Woo plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.6.2 due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to access unintended objects.
SSVC
- Decision: Track
Timeline
- 2023-12-20 CVE Reserved
- 2023-12-27 CVE Published
- 2024-01-06 EPSS Updated
- 2024-08-26 CVE Updated
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Automattic | Woopayments | < 6.7.0 | wordpress | Affected |