{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T02:42:46.122","vulnerabilities":[{"cve":{"id":"CVE-2023-5132","sourceIdentifier":"security@wordfence.com","published":"2023-10-21T02:15:07.960","lastModified":"2026-04-08T19:18:43.823","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata)."},{"lang":"es","value":"El complemento Soisy Pagamento Rateale para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función parseRemoteRequest en versiones hasta la 6.0.1 incluida. Esto hace posible que atacantes no autenticados con conocimiento de un ID de pedido de WooCommerce existente expongan información confidencial del pedido de WooCommerce (por ejemplo, nombre, dirección, dirección de correo electrónico y otros metadatos del pedido)."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:soisy:soisy_pagamento_rateale:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"681F1DE5-D86F-49EF-AA0F-81670E858E91"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/soisy-pagamento-rateale/trunk/public/class-soisy-pagamento-rateale-public.php#L465","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2979568%40soisy-pagamento-rateale&new=2979568%40soisy-pagamento-rateale&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/browser/soisy-pagamento-rateale/trunk/public/class-soisy-pagamento-rateale-public.php#L465","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}