Sign in Get started

← All advisories

High severity8.2NVD Advisory· Published Dec 20, 2023· Updated Apr 28, 2026

CVE-2023-37871

CVE-2023-37871

Description

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6.

Affected products

1

Automattic/Woocommerce Gocardless
cpe:2.3:a:automattic:woocommerce_gocardless:*:*:*:*:*:wordpress:*:*
Range: <2.5.7

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

patchstack.com/database/vulnerability/woocommerce-gateway-gocardless/wordpress-woocommerce-gocardless-gateway-plugin-2-5-6-unauthenticated-insecure-direct-object-references-idor-vulnerabilitynvdThird Party Advisory

News mentions

0

No linked articles in our index yet.