CVE-2024-30527 – WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability

https://notcve.org/view.php?id=CVE-2024-30527

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7. Vulnerabilidad de validación incorrecta de la cantidad especificada en la entrada en Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) permite manipular campos ocultos. Este problema afecta a WP Express Checkout (Accept PayPal Payments): desde n/a hasta 2.3.7. The WP Express Checkout (Accept PayPal Payments) plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 2.3.7. This is due to insufficient validation on the pricing data being passed to the server. • https://patchstack.com/database/vulnerability/wp-express-checkout/wordpress-wp-express-checkout-plugin-2-3-7-price-manipulation-vulnerability?_s_id=cve • CWE-348: Use of Less Trusted Source CWE-1284: Improper Validation of Specified Quantity in Input •