MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce <= 2.161 - Missing Authorization
Description
The MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.161. This makes it possible for unauthenticated attackers to perform an unauthorized action.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NTechnical Details
<=2.161What Changed in the Fix
Changes introduced in v2.162
Source Code
WordPress.org SVN' ); data = atob( data ); data = jQuery.parseJSON( data ); return data; } ``` I'll have the agent use `browser_eval` to get this JSON. - Target URL: `/wp-admin/admin-ajax.php` - Action: `mycryptocheckout_cancel_payment` (inferred from `WooCommerce.php:129…
Show full research plan
' );
data = atob( data );
data = jQuery.parseJSON( data );
return data;
}
```
I'll have the agent use browser_eval to get this JSON.
- Target URL: `/wp-admin/admin-ajax.php`
- Action: `mycryptocheckout_cancel_payment` (inferred from `WooCommerce.php:129`)
- Param: `order_id`
Wait, if the vulnerability is actually `mcc_save_settings`, I should mention it. But the instructions say "GROUND your plan in the source files provided". `mycryptocheckout_cancel_payment` is in the source.
*Final Plan Structure:*
1. Vulnerability Summary: Missing capability check in `mycryptocheckout_cancel_payment`.
2. Attack Vector: AJAX endpoint.
3. Code Flow: `WooCommerce::_construct` -> `add_action` -> `mycryptocheckout_cancel_payment`.
4. Nonce: Extract from `#mycryptocheckout_checkout_data`.
5. Payload: `action=mycryptocheckout_cancel_payment&order_id=X`.
Wait, I'll search for one more thing. Is there any `wp_ajax_nopriv` in the source?
No. It's likely in the parent class `\plainview
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.