🔐 CVE Alert

CVE-2024-1718

MEDIUM 5.3

Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update

CVSS Score: 5.3
EPSS Score: 0.0%
EPSS Percentile: 0th

The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update the status of orders to paid, bypassing payment.

CWE: CWE-345
Vendor: claudiosanches
Product: claudio sanches – checkout cielo for woocommerce
Published: Jun 4, 2024
Last Updated: Apr 8, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Affected Versions

claudiosanches / Claudio Sanches – Checkout Cielo for WooCommerce
Versions: all versions up to and including 1.1.0

References

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/40cb3214-a11b-4bee-9422-256d12303460?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/woocommerce-checkout-cielo/trunk/includes/class-wc-checkout-cielo-gateway.php#L296

Credits

Lucio Sá