PT-2023-31784 · Unknown+1 · Woocommerce+2
Francesco Carlucci
·
Published
2023-10-21
·
Updated
2023-10-28
·
CVE-2023-5132
CVSS v3.1
7.5
High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Soisy Pagamento Rateale plugin for WordPress versions up to, and including, 6.0.1
Description
The plugin performs no capability check on its parseRemoteRequest function, so the function can be invoked by anyone, not only by a WooCommerce administrator or the customer who placed the order. An unauthenticated attacker who knows an existing WooCommerce Order ID can call it to read sensitive order data such as the customer's name, billing address, email address, and other order metadata. Because WooCommerce order IDs are sequential integers, "knowledge of an existing Order ID" is a low bar: valid IDs can be guessed or enumerated. The impact is confidentiality only (CVSS vector C:H/I:N/A:N); the issue does not allow order data to be modified.
Recommendations
For Soisy Pagamento Rateale plugin for WordPress versions up to, and including, 6.0.1, update to a version higher than 6.0.1 to resolve the issue. As a temporary workaround, restrict access to the parseRemoteRequest function until the update can be applied, for example by gating it behind an authorization check or blocking unauthenticated requests to it, so that order data cannot be read by arbitrary callers.
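The pattern behind this class of bug, and the kind of check the workaround refers to, is shown below as an added illustration. This is not the Soisy plugin's code and does not reproduce parseRemoteRequest; the action names, function names and the order_key parameter are hypothetical. It shows a WooCommerce AJAX handler that returns order details for a numeric order ID with no authorization, followed by a hardened version that only answers for store staff, the order's own customer, or a caller presenting the order's secret order key.

```php
<?php
/**
 * Added illustration (not the Soisy plugin's code): a WooCommerce AJAX
 * handler that returns order details for a given order ID, shown first
 * without any authorization check and then hardened.
 *
 * Hypothetical names: the actions 'example_order_lookup' and
 * 'example_order_lookup_safe', the example_* functions, and the
 * 'order_key' request parameter.
 */

// --- Vulnerable pattern: anyone who knows an order ID gets its PII. ---
// wp_ajax_nopriv_* makes the handler reachable without logging in.
add_action( 'wp_ajax_nopriv_example_order_lookup', 'example_order_lookup_vulnerable' );
add_action( 'wp_ajax_example_order_lookup',        'example_order_lookup_vulnerable' );

function example_order_lookup_vulnerable() {
    $order = wc_get_order( absint( $_REQUEST['order_id'] ?? 0 ) );
    if ( ! $order ) {
        wp_send_json_error( 'not found', 404 );
    }
    // No capability check and no proof the caller owns the order:
    // billing name, address and e-mail go to any unauthenticated client,
    // and order IDs are sequential, so they can simply be enumerated.
    wp_send_json_success( example_order_payload( $order ) );
}

// --- Hardened pattern: require a shop-manager capability, the order's own
// customer, or the unguessable order key, before returning anything. ---
add_action( 'wp_ajax_nopriv_example_order_lookup_safe', 'example_order_lookup_hardened' );
add_action( 'wp_ajax_example_order_lookup_safe',        'example_order_lookup_hardened' );

function example_order_lookup_hardened() {
    $order = wc_get_order( absint( $_REQUEST['order_id'] ?? 0 ) );

    // Deny before revealing whether the order exists, so unauthenticated
    // callers cannot even use the endpoint to enumerate valid IDs.
    if ( ! $order || ! example_caller_may_view_order( $order ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success( example_order_payload( $order ) );
}

function example_caller_may_view_order( WC_Order $order ) {
    // 1. Store staff: WooCommerce's own management capability.
    if ( current_user_can( 'manage_woocommerce' ) ) {
        return true;
    }
    // 2. The logged-in customer who placed this order.
    if ( is_user_logged_in() && (int) $order->get_customer_id() === get_current_user_id() ) {
        return true;
    }
    // 3. A caller presenting the order key (the random 'wc_order_...' token
    //    WooCommerce generates per order), compared in constant time. This
    //    is the check to use for callers who cannot log in; the numeric
    //    order ID alone proves nothing.
    $key = sanitize_text_field( wp_unslash( $_REQUEST['order_key'] ?? '' ) );
    return '' !== $key && hash_equals( $order->get_order_key(), $key );
}

function example_order_payload( WC_Order $order ) {
    return array(
        'id'      => $order->get_id(),
        'status'  => $order->get_status(),
        'total'   => $order->get_total(),
        'name'    => $order->get_formatted_billing_full_name(),
        'email'   => $order->get_billing_email(),
        'address' => $order->get_formatted_billing_address(),
    );
}
```

The hardened handler returns the same 403 for "no such order" and "not allowed", so an unauthenticated caller learns nothing from the response either way. If the function in question is a server-to-server callback from the payment provider rather than a user-facing endpoint, the equivalent fix is to authenticate the callback (a shared secret or signature check) before touching the order; this advisory does not state which mechanism Soisy uses, so that part is not modelled here.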
Weakness Enumeration
Missing Authorization
Related Identifiers
Affected Products
Soisy Pagamento Rateale
Woocommerce
Wordpress