[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5FeyhSFRtGwnlScYHj0jgOEoYbXMTKCg6UmVSyYlU1A":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-37871","woocommerce-gocardless-gateway-unauthenticated-insecure-direct-object-reference","WooCommerce GoCardless Gateway \u003C= 2.5.6 - Unauthenticated Insecure Direct Object Reference","The WooCommerce GoCardless Gateway plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.5.6. This is due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to cancel guest orders or expose sensitive information about an order.","woocommerce-gateway-gocardless",null,"\u003C=2.5.6","2.5.7","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2023-07-10 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faa174135-d7aa-44f1-8924-44313fc70a75?source=api-prod",197]