CVE-2024-30527: WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability
First published: Fri May 17 2024(Updated: )
Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WP Express Checkout | <=2.3.7 | |
| WP Express Checkout | <=2.3.7 |
Remedy
Update to 2.3.8 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-30527?
The severity of CVE-2024-30527 is considered high due to its potential for manipulating financial transactions.
How do I fix CVE-2024-30527?
To fix CVE-2024-30527, update the WP Express Checkout plugin to version 2.3.8 or later.
What versions are affected by CVE-2024-30527?
CVE-2024-30527 affects WP Express Checkout versions up to and including 2.3.7.
What type of vulnerability is CVE-2024-30527?
CVE-2024-30527 is an improper validation vulnerability that allows manipulation of hidden fields in the payment process.
Who is the vendor for CVE-2024-30527?
The vendor for CVE-2024-30527 is Tips and Tricks HQ, associated with the WP Express Checkout plugin.
- agent/references
- agent/remedy
- agent/title
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/tips and tricks hq
- canonical/wp express checkout
- vendor/wordpress
- canonical/wordpress wp express checkout