WordPress · Getnet Argentina Para Woocommerce · CVE-2023-3525
**Name of the Vulnerable Software and Affected Versions**
Getnet Argentina para Woocommerce plugin for WordPress versions up to, and including, 0.0.4
**Description**
The issue is related to authorization bypass due to missing validation on the `webhook` function. This allows unauthenticated attackers to set their payment status to 'APPROVED' without actually making a payment.
**Recommendations**
For versions up to, and including, 0.0.4, update to a version that includes the necessary validation on the `webhook` function to prevent unauthorized changes to payment status. At the moment, there is no information about a newer version that contains a fix for this vulnerability.