WooCommerce Instamojo Payment Gateway plugin 1.0.7 for WordPress allows Parameter Tampering in an amount parameter-CVE-2019-14977
# Exploit Title: card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugin 1.0.7 for WordPress allows Parameter Tampering in the sign parameter, as demonstrated by purchasing an item for lower than the intended price. # Date: 09.08.2019 # Product Title : WooCommerce Instamojo Payment Gateway Plugin # Vendor Homepage: https://wordpress.org # Software Link : https://wordpress.org/plugins/woo-instamojo/ # Category: Web Applications Plugin (Wordpress) # Version: 1.0.7 # Active installations: 10,000+ # Exploit Author: Vikas Chaudhary # Contact: https://gkaim.com/contact-us/ # Web: https://gkaim.com/ # Tested on:
Read More