High severity7.5NVD Advisory· Published Oct 21, 2023· Updated Jun 17, 2026
CVE-2023-5132
CVE-2023-5132
Description
The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:soisy:soisy_pagamento_rateale:*:*:*:*:*:wordpress:*:*Range: <=6.0.1
- Range: <=6.0.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.