Search criteria
6 vulnerabilities found for mollie_payments_for_woocommerce by mollie
FKIE_CVE-2024-6448
Vulnerability from fkie_nvd - Published: 2024-08-28 04:15 - Updated: 2025-07-09 14:42
Severity ?
Summary
The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mollie | mollie_payments_for_woocommerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mollie:mollie_payments_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3CA2B828-83D7-45A5-B60E-173D63FDB4BA",
"versionEndExcluding": "7.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use."
},
{
"lang": "es",
"value": "El complemento Mollie Payments for WooCommerce para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 7.7.0 incluida. Esto se debe a que el informe de errores est\u00e1 habilitado de forma predeterminada en varios archivos de complementos. Esto hace posible que los atacantes no autenticados obtengan la ruta completa a las instancias, que pueden utilizar en combinaci\u00f3n con otras vulnerabilidades o para simplificar el trabajo de reconocimiento. Por s\u00ed sola, esta informaci\u00f3n tiene una utilidad muy limitada."
}
],
"id": "CVE-2024-6448",
"lastModified": "2025-07-09T14:42:18.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-08-28T04:15:11.320",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/mollie-payments-for-woocommerce/tags/7.5.5/vendor/mollie/mollie-api-php/examples/initialize.php#L5"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3142176%40mollie-payments-for-woocommerce\u0026new=3142176%40mollie-payments-for-woocommerce\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-6090
Vulnerability from fkie_nvd - Published: 2024-02-29 06:15 - Updated: 2025-02-26 16:40
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mollie | mollie_payments_for_woocommerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mollie:mollie_payments_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FA975723-B58F-48D4-9769-FE388F596ACE",
"versionEndExcluding": "7.3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Mollie Mollie Payments para WooCommerce. Este problema afecta a Mollie Payments para WooCommerce: desde n/a hasta 7.3.11."
}
],
"id": "CVE-2023-6090",
"lastModified": "2025-02-26T16:40:25.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-29T06:15:46.237",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
CVE-2024-6448 (GCVE-0-2024-6448)
Vulnerability from cvelistv5 – Published: 2024-08-28 03:27 – Updated: 2024-08-28 13:42
VLAI?
Title
Mollie Payments for WooCommerce <= 7.7.0 - Unauthenticated Full Path Disclosure
Summary
The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mollieintegration | Mollie Payments for WooCommerce |
Affected:
* , ≤ 7.7.0
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mollie:mollie_payments_for_woocommerce:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "mollie_payments_for_woocommerce",
"vendor": "mollie",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:42:04.128991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:42:06.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mollie Payments for WooCommerce",
"vendor": "mollieintegration",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T03:27:28.062Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mollie-payments-for-woocommerce/tags/7.5.5/vendor/mollie/mollie-api-php/examples/initialize.php#L5"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3142176%40mollie-payments-for-woocommerce\u0026new=3142176%40mollie-payments-for-woocommerce\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-20T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-08-27T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Mollie Payments for WooCommerce \u003c= 7.7.0 - Unauthenticated Full Path Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6448",
"datePublished": "2024-08-28T03:27:28.062Z",
"dateReserved": "2024-07-02T10:16:17.071Z",
"dateUpdated": "2024-08-28T13:42:06.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6090 (GCVE-0-2023-6090)
Vulnerability from cvelistv5 – Published: 2024-02-29 05:23 – Updated: 2024-08-09 20:50
VLAI?
Title
WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.
Severity ?
9.1 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mollie | Mollie Payments for WooCommerce |
Affected:
n/a , ≤ 7.3.11
(custom)
|
Credits
Rafie Muhammad (Patchstack)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mollie:mollie_payments_for_woocommerce:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "mollie_payments_for_woocommerce",
"vendor": "mollie",
"versions": [
{
"lessThanOrEqual": "7.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T19:49:02.925166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T20:50:33.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "mollie-payments-for-woocommerce",
"product": "Mollie Payments for WooCommerce",
"vendor": "Mollie",
"versions": [
{
"changes": [
{
"at": "7.3.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.3.11",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.\u003cp\u003eThis issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T05:23:56.567Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;7.3.12 or a higher version."
}
],
"value": "Update to\u00a07.3.12 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Mollie Payments for WooCommerce Plugin \u003c= 7.3.11 is vulnerable to Arbitrary File Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-6090",
"datePublished": "2024-02-29T05:23:56.567Z",
"dateReserved": "2023-11-13T01:19:48.573Z",
"dateUpdated": "2024-08-09T20:50:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6448 (GCVE-0-2024-6448)
Vulnerability from nvd – Published: 2024-08-28 03:27 – Updated: 2024-08-28 13:42
VLAI?
Title
Mollie Payments for WooCommerce <= 7.7.0 - Unauthenticated Full Path Disclosure
Summary
The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mollieintegration | Mollie Payments for WooCommerce |
Affected:
* , ≤ 7.7.0
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mollie:mollie_payments_for_woocommerce:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "mollie_payments_for_woocommerce",
"vendor": "mollie",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:42:04.128991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:42:06.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mollie Payments for WooCommerce",
"vendor": "mollieintegration",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T03:27:28.062Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mollie-payments-for-woocommerce/tags/7.5.5/vendor/mollie/mollie-api-php/examples/initialize.php#L5"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3142176%40mollie-payments-for-woocommerce\u0026new=3142176%40mollie-payments-for-woocommerce\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-20T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-08-27T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Mollie Payments for WooCommerce \u003c= 7.7.0 - Unauthenticated Full Path Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6448",
"datePublished": "2024-08-28T03:27:28.062Z",
"dateReserved": "2024-07-02T10:16:17.071Z",
"dateUpdated": "2024-08-28T13:42:06.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6090 (GCVE-0-2023-6090)
Vulnerability from nvd – Published: 2024-02-29 05:23 – Updated: 2024-08-09 20:50
VLAI?
Title
WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.
Severity ?
9.1 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mollie | Mollie Payments for WooCommerce |
Affected:
n/a , ≤ 7.3.11
(custom)
|
Credits
Rafie Muhammad (Patchstack)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mollie:mollie_payments_for_woocommerce:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "mollie_payments_for_woocommerce",
"vendor": "mollie",
"versions": [
{
"lessThanOrEqual": "7.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T19:49:02.925166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T20:50:33.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "mollie-payments-for-woocommerce",
"product": "Mollie Payments for WooCommerce",
"vendor": "Mollie",
"versions": [
{
"changes": [
{
"at": "7.3.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.3.11",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.\u003cp\u003eThis issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T05:23:56.567Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;7.3.12 or a higher version."
}
],
"value": "Update to\u00a07.3.12 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Mollie Payments for WooCommerce Plugin \u003c= 7.3.11 is vulnerable to Arbitrary File Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-6090",
"datePublished": "2024-02-29T05:23:56.567Z",
"dateReserved": "2023-11-13T01:19:48.573Z",
"dateUpdated": "2024-08-09T20:50:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}