CVE-2020-11497 – NAB Transact < 2.1.2 - Payment System Bypass

https://notcve.org/view.php?id=CVE-2020-11497

An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. Se detectó un problema en la extensión NAB Transact versión 2.1.0, para el plugin WooCommerce para WordPress. Una omisión del sistema de pago en línea permite que los pedidos sean marcados como pagados en su totalidad mediante la asignación de una ID de transacción bancaria arbitraria durante el paso de entrada de los detalles del pago WordPress NAB Transact WooCommerce plugin version 2.1.0 suffers from a payment bypass vulnerability. • http://packetstormsecurity.com/files/158931/WordPress-NAB-Transact-WooCommerce-2.1.0-Payment-Bypass.html http://seclists.org/fulldisclosure/2020/Aug/13 https://www.themissinglink.com.au/security-advisories-cve-2020-11497 • CWE-354: Improper Validation of Integrity Check Value CWE-693: Protection Mechanism Failure •