Vulnerability at a Glance
- CVE ID: CVE-2026-3124
- Risk score: 7.5 (High)
- First disclosed: 2026-03-29
- Last updated: 2026-03-29
- Software type: Plugin
- Software slug: download-monitor
- Affected versions: <= 5.1.7
- Fixed version: 5.1.8
- Patched: Yes
Vulnerability Details
The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to complete arbitrary pending orders by exploiting a mismatch between the PayPal transaction token and the local order, allowing theft of paid digital goods by paying a minimal amount for a low-cost item and using that payment token to finalize a high-value order.
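As an added illustration that is not the plugin's code (function names, field names and the order data below are hypothetical), the following PHP contrasts a payment-completion handler that accepts any approved gateway token for any order with one that binds the token to the order at checkout time and rechecks the captured amount before marking the order complete:

```php
<?php
// Hypothetical in-memory order store standing in for the plugin's database.
// Each pending order records the PayPal token that was issued for it at checkout.
$orders = [
    101 => ['total' => 1.00,   'status' => 'pending', 'token' => 'EC-LOW-0001'],
    202 => ['total' => 199.00, 'status' => 'pending', 'token' => 'EC-HIGH-0002'],
];

// Stand-in for the gateway lookup: what PayPal reports for a given token.
// Constructed sample data: only the low-value token was actually paid.
function gateway_lookup(string $token): ?array {
    $paid = ['EC-LOW-0001' => ['amount' => 1.00, 'state' => 'approved']];
    return $paid[$token] ?? null;
}

// Vulnerable pattern: order_id and token both come from the request and are
// never tied to each other, so any approved token can complete any pending order.
function execute_payment_vulnerable(array &$orders, int $order_id, string $token): bool {
    $payment = gateway_lookup($token);
    if ($payment === null || $payment['state'] !== 'approved') { return false; }
    $orders[$order_id]['status'] = 'complete';
    return true;
}

// Hardened pattern: the token must be the one issued for this order, the order
// must still be pending, and the captured amount must cover the order total.
function execute_payment_hardened(array &$orders, int $order_id, string $token): bool {
    $order = $orders[$order_id] ?? null;
    if ($order === null || $order['status'] !== 'pending') { return false; }
    if (!hash_equals($order['token'], $token)) { return false; }   // token/order binding
    $payment = gateway_lookup($token);
    if ($payment === null || $payment['state'] !== 'approved') { return false; }
    if ($payment['amount'] < $order['total']) { return false; }     // amount must cover total
    $orders[$order_id]['status'] = 'complete';
    return true;
}

// Scenario from the advisory: the low-value token is presented with the high-value order id.
var_dump(execute_payment_vulnerable($orders, 202, 'EC-LOW-0001'));
$orders[202]['status'] = 'pending';
var_dump(execute_payment_hardened($orders, 202, 'EC-LOW-0001'));
// Legitimate case: the token is presented with the order it was issued for.
var_dump(execute_payment_hardened($orders, 101, 'EC-LOW-0001'));
```

The binding check is what closes the mismatch the advisory describes; the amount check is a second, independent guard in case a token is ever reused across orders of different value.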
Impact and Risk
- Vulnerability type: Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'
- Risk note: The vulnerability may be exploited to perform unauthorized actions; upgrade immediately per the vendor's fix and review the security configuration.
- Researcher: Hung Nguyen (bashu) – VN
Remediation
- Apply the vendor's fix: update to 5.1.8 or a later patched version.
- Review the authorization of high-privilege accounts and roles such as administrator and shop manager.
- Audit recent plugin installation and configuration change records and confirm there are no anomalous writes.
- Pair this with a WAF and login auditing, and keep monitoring for suspicious requests.
