cleantalk
Vulnerabilities and Security Researches

WooCommerce Eway Gateway, 25c033c851a6b18ed72fdc96796538b28f1b80c8

CVE, Research URL

25c033c851a6b18ed72fdc96796538b28f1b80c8

Home page URL

Security reports for WooCommerce Eway Gateway

Application

WooCommerce Eway Gateway

Published on
Jan 05, 2023
Research Description
Eway Payments for Woo [woocommerce-gateway-eway] < 3.5.1 WordPress WooCommerce Eway Gateway Plugin <= 3.5.0 is vulnerable to Insecure Direct Object References (IDOR) Update the WordPress WooCommerce Eway Gateway plugin to the latest available version (at least 3.5.1). WordfenceTeam discovered and reported this Insecure Direct Object References (IDOR) vulnerability in WordPress WooCommerce Eway Gateway Plugin. An insecure direct object reference vulnerability could allow a malicious actor to bypass authorization, authentication, access sensitive files/folders or interact with the database. This vulnerability has been fixed in version 3.5.1.
Affected versions
max 3.5.1.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
WP-Appbox (cec60394318af09fd303e279df20a93f055a959c) , Jun 16, 2026
WP-Appbox (38323495c61fe870f9687d2fb34e8fdaa47f2cea) , Jun 16, 2026
WP-Appbox (b78e4a3b-e432-4968-8b83-125f3bac15cd) , Jun 16, 2026
URL Shortify &#8211; Simple, Powerful and Easy URL Shortener Plugin For WordPress (7e2df72d0d3ae3947c848af11e4ca85b5289884f) , Jun 16, 2026
URL Shortify &#8211; Simple, Powerful and Easy URL Shortener Plugin For WordPress (19ac812be99118e0d79989b0d0f4d22659a8491d) , Jun 16, 2026