Showing 1 - 1 of 1

CVE-2019-7441

Status Candidate

Overview

** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state.

Related Files

WordPress PayPal Checkout Payment Gateway 1.6.8 Parameter Tampering: Posted Apr 2, 2019; Authored by Vikas Chaudhary; WordPress PayPal Checkout Payment Gateway plugin version 1.6.8 suffers from a parameter tampering vulnerability that allows for price manipulation.; tags | exploit; advisories | CVE-2019-7441; SHA-256 | 6e0ad5dddcf08502f10847006fa79ea1623521d8213389eb3119018609bbe05d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 250 files
indoushka 184 files
Ubuntu 99 files
Gentoo 32 files
Debian 18 files
malvuln 13 files
Frederik Beimgraben 11 files
Chris Beiter 11 files
Matthias Deeg 11 files
Apple 10 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,132)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,415)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,896)
UNIX (9,464)
UnixWare (188)
Windows (6,782)
Other

CVE-2019-7441

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems