CVE-2024-0619 - Vulnerability Details - OpenCVE

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00305.

Key SSVC decision points have not yet been added.

Vendors	Products
Payflex	Payment Gateway

Configuration 1 [-]

cpe:2.3:a:payflex:payment_gateway:*:*:*:*:*:wordpress:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-07-11T03:33:20.077Z

Updated: 2024-08-01T18:11:35.647Z

Reserved: 2024-01-16T18:23:50.049Z

Link: CVE-2024-0619

Vulnrichment

Updated: 2024-08-01T18:11:35.647Z

NVD

Status : Modified

Published: 2024-07-11T04:15:03.247

Modified: 2024-11-21T08:47:00.873

Link: CVE-2024-0619

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0619", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-01-16T18:23:50.049Z", "datePublished": "2024-07-11T03:33:20.077Z", "dateUpdated": "2024-08-01T18:11:35.647Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-07-11T03:33:20.077Z"}, "affected": [{"vendor": "tomlister", "product": "Payflex Payment Gateway", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss."}], "title": "Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "timeline": [{"time": "2024-07-10T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "tomlister", "product": "payflex_payment_gateway", "cpes": ["cpe:2.3:a:tomlister:payflex_payment_gateway:2.5.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.5.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T13:56:57.387095Z", "id": "CVE-2024-0619", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T14:01:37.344Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.647Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.647Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T13:56:57.387095Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tomlister:payflex_payment_gateway:2.5.0:*:*:*:*:*:*:*"], "vendor": "tomlister", "product": "payflex_payment_gateway", "versions": [{"status": "affected", "version": "2.5.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T14:01:29.074Z"}}], "cna": {"title": "Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update", "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "tomlister", "product": "Payflex Payment Gateway", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.5.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-07-10T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751"}], "descriptions": [{"lang": "en", "value": "The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-07-11T03:33:20.077Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0619", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:11:35.647Z", "dateReserved": "2024-01-16T18:23:50.049Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-07-11T03:33:20.077Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:payflex:payment_gateway:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "31F732DE-6A7C-41BE-BA19-765AF8EFF566", "versionEndIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss."}, {"lang": "es", "value": "El complemento Payflex Payment Gateway para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n Payment_callback() en todas las versiones hasta la 2.5.0 incluida. Esto hace posible que atacantes no autenticados actualicen el estado de los pedidos, lo que potencialmente puede provocar una p\u00e9rdida de ingresos."}], "id": "CVE-2024-0619", "lastModified": "2024-11-21T08:47:00.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-07-11T04:15:03.247", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}