Vulnerability Description
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Woocommerce | Nab Transact | 2.1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158931/WordPress-NAB-Transact-WooCommerce-2Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Aug/13ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2020/Aug/13ExploitMailing ListThird Party Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-11497ExploitThird Party Advisory
- http://packetstormsecurity.com/files/158931/WordPress-NAB-Transact-WooCommerce-2Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Aug/13ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2020/Aug/13ExploitMailing ListThird Party Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-11497ExploitThird Party Advisory
FAQ
What is CVE-2020-11497?
CVE-2020-11497 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary...
How severe is CVE-2020-11497?
CVE-2020-11497 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11497?
Check the references section above for vendor advisories and patch information. Affected products include: Woocommerce Nab Transact.