CVE-2024-1718

Name of the Vulnerable Software and Affected Versions Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress versions up to, and including, 1.1.0

Description The issue is related to insufficient payment validation in the update order status() function, allowing unauthenticated attackers to update the status of orders to paid, bypassing payment. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 1.1.0, update to a version higher than 1.1.0 to resolve the issue. As a temporary workaround, consider disabling the update order status() function until a patch is available.