Report
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.6. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.
Score:5.3
Severity:Medium
Version: 2.11.6
There is a patch available in v2.11.7 and we strongly recommend you update to this version as soon as possible.
