CVE-2023-3525

Name of the Vulnerable Software and Affected Versions Getnet Argentina para Woocommerce plugin for WordPress versions up to, and including, 0.0.4

Description The issue is related to authorization bypass due to missing validation on the webhook function. This allows unauthenticated attackers to set their payment status to 'APPROVED' without actually making a payment.

Recommendations For versions up to, and including, 0.0.4, update to a version that includes the necessary validation on the webhook function to prevent unauthorized changes to payment status. At the moment, there is no information about a newer version that contains a fix for this vulnerability.