WooCommerce PayPal Checkout Vulnerability [CVE-2019-7441]

CVE Number – CVE-2019-7441

WooCommerce PayPal Checkout Payment Gateway plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by a parameter tampering flaw. By intercepting communication traffic and making change to the parameter value, an attacker could exploit this vulnerability to change the amount of the payment.

This tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data.

This issue applies to WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress.

At the time of publication there is no fix avaliable.

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: