Vulnerabilities and security researches forwoocommerce-checkout-cielo woocommerce-checkout-cielo

Jun 07, 2024

CVE, Research URL: CVE-2024-1718
Home page URL: Security reports for Claudio Sanches – Checkout Cielo for WooCommerce
Application: Claudio Sanches – Checkout Cielo for WooCommerce
Date: Jun 04, 2024
Research Description: The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update the status of orders to paid bypassing payment.
Affected versions: max 1.1.0.
Status: vulnerable