CVE-2024-5861
WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.
| CWE | CWE-862 |
| Vendor | saadiqbal |
| Product | wp easy pay – payment and donation form builder for square |
| Published | Jul 24, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for saadiqbal wp easy pay – payment and donation form builder for square
Be the first to know when new medium vulnerabilities affecting saadiqbal wp easy pay – payment and donation form builder for square are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
saadiqbal / WP Easy Pay – Payment and Donation form Builder for Square
0 ≤ 4.2.3
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/446d458e-8b42-434e-a190-0af37a7d3afb?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wp-easy-pay/trunk/modules/payments/square-authorization.php#L199 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106655%40wp-easy-pay&new=3106655%40wp-easy-pay&sfp_email=&sfph_mail=#file1 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3122946%40wp-easy-pay&new=3122946%40wp-easy-pay&sfp_email=&sfph_mail=
Credits
Lucio Sá