Vulnerabilities and security researches forwoocommerce-gateway-eway woocommerce-gateway-eway

Jun 07, 2024

CVE, Research URL: 7c85d88d9dc2379ea67793743b81c512dfec2ccf
Home page URL: Security reports for WooCommerce Eway Gateway
Application: WooCommerce Eway Gateway
Date: Jan 04, 2023
Research Description: Eway Payments for Woo [woocommerce-gateway-eway] < 3.5.1 WooCommerce Eway Gateway <= 3.5.0 - Insecure Direct Object Reference The WooCommerce Eway Gateway plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.5.0. This is due to insufficient validation on the 'order' user-controlled key. This ensures that subscriptions are paid for by the subscriber as opposed to another user.
Affected versions: max 3.5.1.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 25c033c851a6b18ed72fdc96796538b28f1b80c8
Home page URL: Security reports for WooCommerce Eway Gateway
Application: WooCommerce Eway Gateway
Date: Jan 05, 2023
Research Description: Eway Payments for Woo [woocommerce-gateway-eway] < 3.5.1 WordPress WooCommerce Eway Gateway Plugin <= 3.5.0 is vulnerable to Insecure Direct Object References (IDOR) Update the WordPress WooCommerce Eway Gateway plugin to the latest available version (at least 3.5.1). WordfenceTeam discovered and reported this Insecure Direct Object References (IDOR) vulnerability in WordPress WooCommerce Eway Gateway Plugin. An insecure direct object reference vulnerability could allow a malicious actor to bypass authorization, authentication, access sensitive files/folders or interact with the database. This vulnerability has been fixed in version 3.5.1.
Affected versions: max 3.5.1.
Status: vulnerable