CVE-2020-8819

HIGH

CardGate Payments <3.1.15 - Auth Bypass

Title source: llm

Description

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.

Exploits (1)

exploitdb WORKING POC

by GeekHack · phpwebappsphp

https://www.exploit-db.com/exploits/48134

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156504/WordPress-WooCommerce-CardGate-Payment-Gateway-3.1.15-Bypass.html

[Exploit, Third Party Advisory] https://github.com/cardgate/woocommerce/blob/f2111af7b1a3fd701c1c5916137f3ac09482feeb/cardgate/cardgate.php#L426-L442

[Exploit, Third Party Advisory] https://github.com/cardgate/woocommerce/issues/18

[Third Party Advisory] https://wpvulndb.com/vulnerabilities/10097

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48134

Scores

CVSS v3 8.1

EPSS 0.0027

EPSS Percentile 50.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-346

Status published

Products (2)

cardgate/cardgate_payments < 3.1.15

cardgate/woocommerce 0 - 3.1.16Packagist

Published Feb 25, 2020

Tracked Since Feb 18, 2026