CVSS 3.1 Score 5.3 of 10 (medium)


Published Mar 13, 2024
CWE ID 862


CVE-2024-0631 is a vulnerability in the Duitku Payment Gateway plugin for WordPress, affecting versions up to and including 2.11.4. The check_duitku_response function is missing a capability check, so unauthenticated attackers can modify data by changing the payment status of orders to failed. The vulnerability is rated MEDIUM, with a CVSS version 3.1 base score of 5.3, an exploitability score of 3.9, and an impact score of 1.4, which makes it a potential danger to organizations using this plugin. The attack vector is the network, and exploitation requires no privileges and no user interaction. The integrity impact is rated LOW; there is no confidentiality or availability impact.
