CVE-2018-20782

HIGH

GloBee WooCommerce < 1.1.2 - Improper Input Validation in IPN Message Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-20782. PoCs published by GeekHack.

AI-analyzed exploit summary: This PoC exploits a payment bypass vulnerability in the WordPress WooCommerce GloBee Payment Gateway Plugin by spoofing the IPN callback to mark an order as 'completed' without actual payment. It leverages insufficient input validation and lack of cryptographic authentication in the IPN callback function.

Description

The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.

Exploits (1)

exploitdb WORKING POC
by GeekHack · php · webapps · php
https://www.exploit-db.com/exploits/46414

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WordPress WooCommerce GloBee Payment Gateway Plugin <= 1.1.1
No auth needed
Prerequisites: Access to the target shop's URL · Valid payment link from GloBee · Order ID to spoof
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46414/

Scores

CVSS v3 7.5
EPSS 0.1001
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
globee/woocommerce < 1.1.2
Published Feb 17, 2019
Tracked Since Feb 18, 2026