Vulnerability CVE-2024-0619


Published: 2024-07-11

Description:
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.

References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve
https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751

Copyright 2026, cxsecurity.com

 
