CVE-2020-11497

Опубликовано: 26 авг. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step.

Ссылки

http://packetstormsecurity.com/files/158931/WordPress-NAB-Transact-WooCommerce-2.1.0-Payment-Bypass.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Aug/13
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Aug/13
Exploit
Mailing List
Third Party Advisory
https://www.themissinglink.com.au/security-advisories-cve-2020-11497
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/158931/WordPress-NAB-Transact-WooCommerce-2.1.0-Payment-Bypass.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Aug/13
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Aug/13
Exploit
Mailing List
Third Party Advisory
https://www.themissinglink.com.au/security-advisories-cve-2020-11497
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:woocommerce:nab_transact:2.1.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 27%

0.00097

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-354

Связанные уязвимости

GHSA-fx5w-fcjm-f678

github

больше 3 лет назад