High severity7.5NVD Advisory· Published Jul 12, 2023· Updated Jun 17, 2026
CVE-2023-3525
CVE-2023-3525
Description
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.
Affected products
2- Range: <=0.0.4
- Range: 0.0.1
Patches
Vulnerability mechanics
References
2- www.youtube.com/watchnvdExploit
- www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19nvdThird Party Advisory
News mentions
0No linked articles in our index yet.