CVE-2024-2382

MEDIUM 5.3

Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for unauthenticated attackers to update order payment statuses to paid bypassing any payment.

CWE	CWE-345
Vendor	ishanverma
Product	authorize.net payment gateway for woocommerce
Published	Jun 4, 2024
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for ishanverma authorize.net payment gateway for woocommerce

Be the first to know when new medium vulnerabilities affecting ishanverma authorize.net payment gateway for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

ishanverma / Authorize.net Payment Gateway For WooCommerce

0 ≤ 8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/4ab71d24-0409-421b-8abf-f4d5390a32a1?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/authorizenet-payment-gateway-for-woocommerce/trunk/index.php#L205

Credits

Lucio Sá