Description

WordPress Plugin WooCommerce PayPal Checkout Payment Gateway is prone to parameter tampering. Attackers can exploit this issue by manipulating parameters exchanged between client and server in order to modify application data. WordPress Plugin WooCommerce PayPal Checkout Payment Gateway version 1.6.8 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.exploit-db.com/exploits/46632

https://packetstormsecurity.com/files/152362/WordPress-PayPal-Checkout-Payment-Gateway-1.6.8-Parameter-Tampering.html

Related Vulnerabilities

Oracle JRE CVE-2013-0448 Vulnerability (CVE-2013-0448)

JQuery UI Cross-site Scripting (XSS) Vulnerability (CVE-2016-7103)

WebLogic CVE-2020-14841 Vulnerability (CVE-2020-14841)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.9)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44944)

Severity

High

Classification

CVE-2019-7441 CWE-472 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update