Description
WordPress Plugin NAB Transact is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently mark any orders as fully paid. WordPress Plugin NAB Transact version 2.1.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.1.2 or latest
References
https://www.themissinglink.com.au/security-advisories-cve-2020-11497
https://seclists.org/fulldisclosure/2020/Aug/13
http://dzv365zjfbd8v.cloudfront.net/changelogs/woocommerce-gateway-nab-dp/changelog.txt
Related Vulnerabilities
WordPress Plugin WooCommerce Product Table Lite Cross-Site Scripting (2.3.0)
WordPress Plugin Abandoned Cart Lite for WooCommerce Security Bypass (5.14.2)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (3.9.2)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-39126)