Parameter Tampering in WooCommerce PayU India Payment Gateway Plugin for WordPress
CVE-2019-14978
5.3MEDIUM
What is CVE-2019-14978?
The WooCommerce PayU India Payment Gateway plugin version 2.1.1 for WordPress contains a parameter tampering vulnerability affecting the purchaseQuantity parameter. An attacker can exploit this flaw to manipulate the purchase quantity, allowing items to be purchased at prices lower than intended. This could lead to financial loss for merchants and potential abuse of the payment processing system.