CVE-2024-55996: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in Dreamfox Media Payment gateway per Product for Woocommerce plugin, affecting versions through 3.5.6. The vulnerability allows exploiting incorrectly configured access control security levels. The issue was discovered by researcher Mika and was disclosed on December 14, 2024 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 6.1 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L, indicating that it is network-accessible, requires low attack complexity, needs no privileges, but requires user interaction. The vulnerability stems from missing authorization checks that could allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. It affects the security of websites using the vulnerable plugin versions, potentially allowing unauthorized access to privileged functions (Patchstack).

Users are advised to update to version 3.5.9 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).