Payment bypass in WordPress – WooCommerce – NAB Transact plugin disclosure

Posted by Jack Misiura via Fulldisclosure on Aug 21

Title: Payment bypass

Product: WordPress NAB Transact WooCommerce Plugin

Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/

Vulnerable Version: 2.1.0

Fixed Version: 2.1.2

CVE Number: CVE-2020-11497

Author: Jack Misiura from The Missing Link

Website: https://www.themissinglink.com.au

Timeline:

2020-03-27 Disclosed to Vendor

2020-03-29 Vendor publishes first fix

2020-04-04 Vendor publishes second fix

2020-08-17…

For additional information, please see:

Original Source

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon