7.5
CVE-2020-11497
- EPSS 0.1%
- Veröffentlicht 26.08.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 04:58:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginNAB Transact < 2.1.2 - Payment System Bypass
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step.
Mögliche Gegenmaßnahme
NAB Transact: Update to version 2.1.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
NAB Transact
Version
[*, 2.1.2)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Woocommerce ≫ Nab Transact Version2.1.0 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.274 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-354 Improper Validation of Integrity Check Value
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.