Wizit Gateway for WooCommerce Unauthenticated Arbitrary Order Cancellation Vulnerability
Vulnerability
The Wizit Gateway for WooCommerce plugin for WordPress allows unauthenticated users to cancel arbitrary WooCommerce orders. All versions up to and including 1.2.9 are affected. The flaw stems from missing authentication and authorization checks in the plugin's 'handle_checkout_redirecturl_response' function: it acts on the order ID supplied in the request without verifying that the requester is entitled to modify that order. Exploitation consists of sending a crafted request containing a valid order ID, which causes the order to be cancelled.
Impact
Exploitation allows unauthorized cancellation of WooCommerce orders, potentially leading to financial loss (cancelled sales, refund handling, inventory churn) or disruption of service. Because WooCommerce order IDs are assigned sequentially, an attacker does not need prior knowledge of a particular order and can cancel orders in bulk by iterating over IDs.
Reproduction
To reproduce this vulnerability, send a request to the plugin's 'handle_checkout_redirecturl_response' handler that includes a valid order ID. Because the function performs no authentication or authorization check, the specified order is cancelled.
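The example below is added here to illustrate the class of bug described in the Vulnerability and Reproduction sections; it is not code from the Wizit Gateway plugin and does not reproduce its actual handler. It sketches a hypothetical WooCommerce gateway return handler in its vulnerable form (acts on any order ID from the request) next to a hardened form that requires the per-order key, restricts the action to orders that belong to the gateway and are still awaiting payment, and verifies a gateway signature. All function names, option names, query parameters and the HMAC scheme are assumptions.

```php
<?php
// Added example, not code from the Wizit Gateway plugin. Every name below
// (example_* functions, option names, query parameters) is hypothetical.

// VULNERABLE pattern: trusts an order ID from the request and acts on it.
// Any unauthenticated visitor who knows or enumerates an order ID can
// cancel that order.
function example_vulnerable_return_handler() {
    $order_id = absint( $_GET['order_id'] ?? 0 );
    $order    = wc_get_order( $order_id );
    if ( ! $order ) {
        wp_die( 'Order not found', '', array( 'response' => 404 ) );
    }
    if ( 'failed' === ( $_GET['result'] ?? '' ) ) {
        $order->update_status( 'cancelled', 'Payment failed at gateway.' );
    }
    wp_safe_redirect( $order->get_cancel_order_url_raw() );
    exit;
}

// HARDENED pattern: require proof that the caller is entitled to act on
// this order before changing its state.
function example_hardened_return_handler() {
    $order_id  = absint( $_GET['order_id'] ?? 0 );
    $order_key = wc_clean( wp_unslash( $_GET['key'] ?? '' ) );
    $result    = wc_clean( wp_unslash( $_GET['result'] ?? '' ) );
    $order     = wc_get_order( $order_id );

    // 1. The order must exist and the caller must present its order key.
    //    WooCommerce generates a random key per order and places it in the
    //    checkout / thank-you URLs; key_is_valid() compares in constant time.
    if ( ! $order || ! $order->key_is_valid( $order_key ) ) {
        wp_die( 'Invalid order', '', array( 'response' => 403 ) );
    }

    // 2. Only orders that were actually routed to this gateway and are still
    //    awaiting payment may be cancelled through this return path.
    if ( 'example_gateway' !== $order->get_payment_method()
        || ! $order->has_status( array( 'pending', 'on-hold' ) ) ) {
        wp_die( 'Order not eligible', '', array( 'response' => 400 ) );
    }

    // 3. Do not trust a bare "result" flag; require the gateway's signature.
    //    Assumed scheme: HMAC-SHA256 over "order_id|result" with a shared
    //    secret stored in a WordPress option. Adjust to the real gateway.
    $secret   = (string) get_option( 'example_gateway_shared_secret', '' );
    $expected = hash_hmac( 'sha256', $order_id . '|' . $result, $secret );
    $given    = (string) ( $_GET['sig'] ?? '' );
    if ( '' === $secret || ! hash_equals( $expected, $given ) ) {
        wp_die( 'Bad signature', '', array( 'response' => 403 ) );
    }

    if ( 'failed' === $result ) {
        $order->update_status( 'cancelled', 'Payment failed at gateway.' );
        wp_safe_redirect( $order->get_cancel_order_url_raw() );
        exit;
    }
    wp_safe_redirect( $order->get_checkout_order_received_url() );
    exit;
}

// Hypothetical registration: WooCommerce routes /?wc-api=example_gateway
// to the woocommerce_api_{slug} action.
add_action( 'woocommerce_api_example_gateway', 'example_hardened_return_handler' );
```

The order key check is the minimum that stops the attack described in this advisory, since a guessable order ID alone no longer suffices. The status and payment-method checks limit the blast radius if the key ever leaks (for example through a referrer), and the signature check ensures the cancellation decision comes from the gateway rather than from whoever controls the browser.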
Remediation
No patch is known to be available. It is recommended to uninstall the affected plugin and replace it with an alternative; deactivating the plugin also stops its handler from being registered, but removal is the safer option until a fixed release exists.
