CVE-2019-14978

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
29/08/2019
Last modified:
02/12/2019

Description

/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:woocommerce:payu_india_payment_gateway:2.1.1:*:*:*:*:wordpress:*:*