CVE-2020-11497
Summary
| CVE | CVE-2020-11497 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-26 19:15:00 UTC |
| Updated | 2020-09-01 14:28:00 UTC |
| Description | An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. |
Risk And Classification
Problem Types: CWE-354
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Woocommerce | Nab Transact | 2.1.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory |
| Full Disclosure: Payment bypass in WordPress - WooCommerce - NAB Transact plugin disclosure | MISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| Advisory cve-2020-11497 | MISC | www.themissinglink.com.au | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.