The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.
References
Configurations
History
21 Nov 2024, 09:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/wp-easy-pay/trunk/modules/payments/square-authorization.php#L199 - Patch | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106655%40wp-easy-pay&new=3106655%40wp-easy-pay&sfp_email=&sfph_mail=#file1 - Patch | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3122946%40wp-easy-pay&new=3122946%40wp-easy-pay&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/446d458e-8b42-434e-a190-0af37a7d3afb?source=cve - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
29 Jul 2024, 20:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wpeasypay:wp_easypay:*:*:*:*:*:wordpress:*:* | |
References | () https://plugins.trac.wordpress.org/browser/wp-easy-pay/trunk/modules/payments/square-authorization.php#L199 - Patch | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106655%40wp-easy-pay&new=3106655%40wp-easy-pay&sfp_email=&sfph_mail=#file1 - Patch | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3122946%40wp-easy-pay&new=3122946%40wp-easy-pay&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/446d458e-8b42-434e-a190-0af37a7d3afb?source=cve - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Wpeasypay wp Easypay
Wpeasypay |
24 Jul 2024, 12:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
24 Jul 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-24 04:15
Updated : 2024-11-21 09:48
NVD link : CVE-2024-5861
Mitre link : CVE-2024-5861
CVE.ORG link : CVE-2024-5861
JSON object : View
Products Affected
wpeasypay
- wp_easypay
CWE
CWE-862
Missing Authorization