Main Vulnerability Database SB2019032113

SB2019032113 - Security restrictions bypass in WooCommerce PayPal Checkout Payment Gateway plugin for WordPress

Published: March 21, 2019 Updated: July 8, 2019

Security Bulletin ID SB2019032113

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2019-7441)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to application does not perform validation of the attacker-controlled data, assuming that data is valid and safe. A remote attacker can tamper with parameters, passed to the application, and change its flow, e.g. purchase and item for lower price.

Remediation

Install update from vendor's website.

References

http://packetstormsecurity.com/files/152362/WordPress-PayPal-Checkout-Payment-Gateway-1.6.8-Parameter-Tampering.html
https://gkaim.com/cve-2019-7441-vikas-chaudhary/
https://www.exploit-db.com/exploits/46632/