CVE-2019-7441

Published: 21/03/2019 Updated: 11/04/2024
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state.
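The reconciliation step the plugin author describes can be modelled as follows. This is an added example, not the plugin's code: the order record, the `quantity_N` and `currency_code` field names, the `processing` status and all sample values are assumptions constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data. ORDER is the server-side record; the other two
# dicts stand for the amounts reported back from the payment flow.
ORDER = {"id": 1001, "total": Decimal("49.98"), "currency": "USD"}
HONEST = {"amount_1": "24.99", "quantity_1": "2", "currency_code": "USD"}
TAMPERED = {"amount_1": "0.01", "quantity_1": "2", "currency_code": "USD"}


def reported_total(params):
    """Sum amount_N * quantity_N over consecutive cart lines; None if malformed."""
    total, n = Decimal("0"), 1
    try:
        while f"amount_{n}" in params:
            amount = Decimal(params[f"amount_{n}"])
            qty = int(params.get(f"quantity_{n}", "1"))
            # Reject NaN/Infinity, negative prices and non-positive quantities.
            if not amount.is_finite() or amount < 0 or qty < 1:
                return None
            total += amount * qty
            n += 1
    except (InvalidOperation, ValueError):
        return None
    return total if n > 1 else None  # no cart lines at all is also malformed


def reconcile(order, params):
    """Return (status, reason); 'processing' only when amount and currency match.

    The expected value always comes from the stored order, never from params.
    """
    total = reported_total(params)
    if total is None:
        return "on-hold", "amount missing or malformed"
    if params.get("currency_code") != order["currency"]:
        return "on-hold", "currency mismatch"
    if total != order["total"]:
        return "on-hold", f"paid {total}, expected {order['total']}"
    return "processing", "amount matches order total"


if __name__ == "__main__":
    for label, params in (("honest", HONEST), ("tampered", TAMPERED)):
        print(label, reconcile(ORDER, params))
```

Exact `Decimal` comparison avoids float rounding letting a near-miss amount through, and every failure path lands in the held state rather than completing the order.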

Vulnerable Product

woocommerce paypal checkout payment gateway 1.6.8

Exploits

# Exploit Title: cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price
# Date: 27/01/2019
# Product Title: Woocommerce Paypal gateway Plugin
# Vendor Homepage: ...

WordPress PayPal Checkout Payment Gateway plugin version 1.6.8 suffers from a parameter tampering vulnerability that allows for price manipulation ...