CVE-2024-8678

CVSS V2 None CVSS V3 None
Description
The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders as completed.
Overview
  • CVE ID
  • CVE-2024-8678
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-09-25T06:49:00.721Z
  • Last Modified Date
  • 2024-09-25T13:23:50.813Z
History
Created Old Value New Value Data Type Notes
2024-10-06 12:06:05 Added to TrackCVE