First published: Thu Aug 29 2019(Updated: )
/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Woocommerce Payu India Payment Gateway | =2.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14978 is a vulnerability in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress that allows parameter tampering in the purchaseQuantity parameter.
CVE-2019-14978 affects the WooCommerce PayU India Payment Gateway plugin version 2.1.1 for WordPress.
CVE-2019-14978 has a severity score of 5.3 out of 10, indicating a medium severity.
To exploit CVE-2019-14978, you would need to tamper with the purchaseQuantity parameter to purchase an item for a lower price than intended.
A fix for CVE-2019-14978 may be available from the plugin vendor or developer, and it is recommended to update to the latest version of the WooCommerce PayU India Payment Gateway plugin to address this vulnerability.