The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.
Metrics
Affected Vendors & Products
References
History
Fri, 07 Feb 2025 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Duitku
Duitku duitku Payment Gateway |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:duitku:duitku_payment_gateway:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Duitku
Duitku duitku Payment Gateway |

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2024-08-01T18:11:35.666Z
Reserved: 2024-01-16T21:51:02.039Z
Link: CVE-2024-0631

Updated: 2024-08-01T18:11:35.666Z

Status : Analyzed
Published: 2024-03-13T16:15:12.573
Modified: 2025-02-07T19:32:17.003
Link: CVE-2024-0631

No data.