The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-10-21T01:53:41.144Z

Updated: 2024-08-02T07:44:53.788Z

Reserved: 2023-09-22T16:20:49.833Z

Link: CVE-2023-5132

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-21T02:15:07.960

Modified: 2024-11-21T08:41:07.540

Link: CVE-2023-5132

cve-icon Redhat

No data.