CVE-2024-30527

WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability

CVSS 7.5 HIGHEPSS 0.5%CWE-1284

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 May 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Tips and Tricks HQ · WP Express Checkout (Accept PayPal Payments)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://patchstack.com/database/vulnerability/wp-express-checkout/wordpress-wp-express-checkout-plugin-2-3-7-price-manipulation-vulnerability?_s_id=cve