Main Vulnerability Database SB2019012705

SB2019012705 - Security restrictions bypass in woocommercereport WooCommerce PayPal Checkout Payment Gateway for WordPress

Published: January 27, 2019 Updated: October 22, 2019

Security Bulletin ID SB2019012705

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2019-7441)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to application does not perform validation of the attacker-controlled data, assuming that data is valid and safe. A remote attacker can tamper with parameters, passed to the application, and change its flow, e.g. purchase and item for lower price.

Remediation

Install update from vendor's website.

References

http://packetstormsecurity.com/files/152362/WordPress-PayPal-Checkout-Payment-Gateway-1.6.8-Parameter-Tampering.html
https://gkaim.com/cve-2019-7441-vikas-chaudhary/
https://www.exploit-db.com/exploits/46632/