Description
Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through <= 3.5.6.
References (2)
Core 2
Core References
Scores
CVSS v3
6.1
EPSS
0.0034
EPSS Percentile
26.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
Dreamfox/Dreamfox Media Payment gateway per Product for Woocommerce
< 3.5.6
dreamfox/Dreamfox Media Payment gateway per Product for Woocommerce
< 3.5.6
Published
Dec 16, 2024
Tracked Since
Feb 18, 2026