CVE-2024-8678

Name of the Vulnerable Software and Affected Versions: Revolut Gateway for WooCommerce plugin for WordPress versions up to, and including, 4.17.3

Description: The issue is related to unauthorized modification of data due to a missing capability check on the "/wc/v3/revolut" REST API endpoint. This allows unauthenticated attackers to mark orders as completed.

Recommendations: For versions up to, and including, 4.17.3, update to a version higher than 4.17.3 to resolve the issue. As a temporary workaround, consider restricting access to the "/wc/v3/revolut" REST API endpoint until a patch is available.