cleantalk
Vulnerabilities and Security Researches

WooCommerce Eway Gateway, 7c85d88d9dc2379ea67793743b81c512dfec2ccf

CVE, Research URL

7c85d88d9dc2379ea67793743b81c512dfec2ccf

Home page URL

Security reports for WooCommerce Eway Gateway

Application

WooCommerce Eway Gateway

Published on
Jan 04, 2023
Research Description
Eway Payments for Woo [woocommerce-gateway-eway] < 3.5.1 WooCommerce Eway Gateway <= 3.5.0 - Insecure Direct Object Reference The WooCommerce Eway Gateway plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.5.0. This is due to insufficient validation on the 'order' user-controlled key. This ensures that subscriptions are paid for by the subscriber as opposed to another user.
Affected versions
max 3.5.1.
Status
vulnerable
Previous vulnerability researches
WooCommerce Eway Gateway (25c033c851a6b18ed72fdc96796538b28f1b80c8) , Jun 16, 2026
WooCommerce Eway Gateway (7c85d88d9dc2379ea67793743b81c512dfec2ccf) , Jun 07, 2024
New vulnerability
Quick Paypal Payments (694ee69b4de310131233fa748c67a0df9010292f) , Jun 16, 2026
Quick Paypal Payments (43aed989204b22d7d17d9eef7b521d26d569a905) , Jun 16, 2026
Quick Paypal Payments (687d78df7bf1589193db1c931abb3c12142e1a6a) , Jun 16, 2026
Quick Paypal Payments (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Quick Paypal Payments (9361b71637bede9f86f9b8e7ae1908d62a5ef31c) , Jun 16, 2026