Executive Summary

This vulnerability is a Missing Authorization issue in the Onepay Payment Gateway For WooCommerce plugin (versions up to 1.1.2). It involves incorrectly configured access control security levels, allowing unauthorized actions without authentication. It is classified under OWASP Top 10 category A4: Insecure Design and has a moderate CVSS score of 6.5. The vulnerability was fixed in version 1.1.3. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability allows exploitation without authentication due to missing authorization checks, potentially enabling unauthorized users to perform actions they should not be able to. However, it is considered a low priority issue with no impactful threat reported. Updating to version 1.1.3 or later mitigates the risk. [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, update the onepay Payment Gateway For WooCommerce plugin to version 1.1.3 or later, as this version resolves the issue. Additionally, consider enabling auto-updates if supported by your platform to ensure timely patching. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability affects the onepay Payment Gateway For WooCommerce plugin versions up to 1.1.2. Detection can be done by checking the installed plugin version on your WordPress site. You can detect the plugin version by running the following WP-CLI command: `wp plugin list --status=active` and look for 'onepay-payment-gateway-for-woocommerce' and its version. If the version is 1.1.2 or lower, your system is vulnerable. There are no specific network detection commands or signatures provided for this vulnerability. [1]

Useful 0 Not Useful 0