Parameter Tampering in WooCommerce PayPal Checkout Payment Gateway by WordPress
CVE-2019-7441
Key Information:
- Vendor: WordPress
- CVE Published: 21 March 2019
What is CVE-2019-7441?
Version 1.6.8 of the WooCommerce PayPal Checkout Payment Gateway plugin for WordPress is susceptible to parameter tampering, particularly of the 'amount' parameter during transactions. A malicious user can modify the price of a purchase, potentially buying products for less than the intended price. The plugin does validate the amount against the actual WooCommerce order total, and an order whose manipulated amount does not match is left in an 'On Hold' state. Website owners using this plugin should keep their installation updated and monitor transactions for suspicious activity.
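The server-side check described above, sketched as an added example (not the plugin's code): each payment reported by the processor is reconciled against the total the store computed, and any mismatch is held for review. The record layout, the sample orders and the `complete` / `on-hold` labels are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data: totals the store computed for each order.
ORDERS = {
    "1001": {"total": "49.99", "currency": "USD"},
    "1002": {"total": "120.00", "currency": "USD"},
    "1003": {"total": "20.00", "currency": "USD"},
    "1004": {"total": "15.50", "currency": "USD"},
}
# Constructed sample data: what the payment processor reports was actually paid.
PAYMENTS = [
    {"order_id": "1001", "amount": "49.990", "currency": "USD"},
    {"order_id": "1002", "amount": "1.00", "currency": "USD"},
    {"order_id": "1003", "amount": "20.00", "currency": "EUR"},
    {"order_id": "1004", "amount": "NaN", "currency": "USD"},
    {"order_id": "9999", "amount": "5.00", "currency": "USD"},
]

def parse_amount(text):
    """Parse a money string exactly; None for anything not a finite, positive number."""
    try:
        value = Decimal(str(text).strip())
    except InvalidOperation:
        return None
    return value if value.is_finite() and value > 0 else None

def reconcile(order, payment):
    """Decide the order state from the store's own total, not the submitted amount."""
    if order is None:
        return "on-hold", "unknown order"
    paid = parse_amount(payment.get("amount"))
    if paid is None:
        return "on-hold", "unparseable amount"
    if payment.get("currency") != order["currency"]:
        return "on-hold", "currency mismatch"
    expected = Decimal(order["total"])
    if paid != expected:  # exact decimal comparison, no float rounding
        return "on-hold", f"paid {paid} but order total is {expected}"
    return "complete", "amount matches order total"

def review(orders, payments):
    """Reconcile every reported payment; returns (order_id, status, reason) tuples."""
    return [(p["order_id"], *reconcile(orders.get(p["order_id"]), p)) for p in payments]

if __name__ == "__main__":
    for row in review(ORDERS, PAYMENTS):
        print(*row, sep="\t")
```

Held orders are the ones to review by hand when monitoring transactions; the reason string records why each was held.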
