CVE-2019-7441

MEDIUM

WooCommerce PayPal Checkout Payment Gateway <1.6.8 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7441. PoCs published by Vikas Chaudhary.

AI-analyzed exploit summary This exploit demonstrates a parameter tampering vulnerability in the WooCommerce PayPal Checkout Payment Gateway plugin (1.6.8), allowing an attacker to manipulate the 'amount' parameter to purchase items at a lower price than intended.

Description

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state

Exploits (1)

exploitdb WORKING POC

by Vikas Chaudhary · textwebappsphp

https://www.exploit-db.com/exploits/46632

View Code ZIP pw:eip

This exploit demonstrates a parameter tampering vulnerability in the WooCommerce PayPal Checkout Payment Gateway plugin (1.6.8), allowing an attacker to manipulate the 'amount' parameter to purchase items at a lower price than intended.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress

No auth needed

Prerequisites: WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 installed on a WordPress site · Access to the checkout process

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

https://gkaim.com/cve-2019-7441-vikas-chaudhary/

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46632/

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/152362/WordPress-PayPal-Checkout-Payment-Gateway-1.6.8-Parameter-Tampering.html

Product x_refsource_misc

https://wordpress.org/support/topic/vulnerabilty-in-plugin/#post-11899173

Scores

CVSS v3 6.5

EPSS 0.0605

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

Status published

Products (1)

woocommerce/paypal_checkout_payment_gateway 1.6.8

Published Mar 21, 2019

Tracked Since Feb 18, 2026