VYPR

PayU CommercePro Plugin

by WordPress

CVEs (1)

  • CVE-2024-12264CriJan 7, 2025
    risk 0.64cvss 9.8epss 0.01

    The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's…