CVE-2019-7441

Name of the Vulnerable Software and Affected Versions WooCommerce PayPal Checkout Payment Gateway plugin version 1.6.8

Description The issue allows Parameter Tampering in an amount parameter, such as amount 1, in the /cgi-bin/webscr?cmd= cart endpoint. This can be exploited by purchasing an item for a lower price than intended. However, the plugin author notes that the amount is validated against the WooCommerce order total before completing the order. If the amounts do not match, the order will be left in an "On Hold" state.

Recommendations For version 1.6.8, consider restricting the use of the amount 1 parameter in the /cgi-bin/webscr?cmd= cart endpoint until a patch is available. Additionally, monitor orders for discrepancies between the intended and actual prices to minimize potential financial losses. At the moment, there is no information about a newer version that contains a fix for this vulnerability.