2 matches found
CVE-2019-7441
cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amou...
CVE-2019-7441
CVE-2019-7441 affects the WordPress plugin WooCommerce PayPal Checkout Payment Gateway version 1.6.8. The vulnerability is Parameter Tampering in the /cgi-bin/webscr?cmd=_cart endpoint, where an attacker can manipulate the amount (e.g., amount_1) to pay less than the intended price. The public de...