Key Information Vulnerability Name: WordPress CryptoCloud - Crypto Payment Gateway Plugin <= 2.1.2 is vulnerable to Broken Access Control Priority: Medium priority Affected Versions: <= 2.1.2 Official Fix: No official fix available Risk: This vulnerability is moderately dangerous and expected to become exploited. Vulnerability Type: Broken Access Control Description: A broken access control issue refers to a missing authorization, authentication, or nonce token check in a function that could lead to an unprivileged user executing a certain higher-privileged action. Software Status: This software is likely abandoned! It was last updated over a year ago and will likely not receive further updates or fixes. Solution: Remove and replace software. This software was last updated over a year ago and will likely not receive further updates or fixes. Note that deactivating the software does not remove the security threat unless a vPatch is deployed. Details: Due to the specific nature of this vulnerability, no virtual patch can be assigned to it. Timeline: - Reported by chilOn on May 2020 - Early warning sent out to Patchstack customers on 22 May 2020 - Published by Patchstack on 25 May 2020