Wiz
Vulnerability DatabaseCVE-2020-11497

CVE-2020-11497
WordPress vulnerability analysis and mitigation

Overview

The vulnerability (CVE-2020-11497) affects the WordPress NAB Transact WooCommerce Plugin versions below 2.1.2. Discovered by Jack Misiura from The Missing Link and disclosed on August 20, 2020, this security flaw allows attackers to bypass the payment system in the WooCommerce NAB Transact plugin (SecLists, WPScan).

Technical details

The vulnerability stems from the plugin's failure to validate the origin of payment processor status requests. The flaw allows attackers to mark orders as fully paid by issuing a specially crafted GET request during the ordering workflow. The attack involves manipulating parameters such as order numbers, order codes, and transaction IDs in the request URL to bypass the payment process (Missing Link, SecLists).

Impact

Successful exploitation of this vulnerability allows attackers to mark any pending orders as fully paid and introduce arbitrary transaction numbers into the payment records without actually completing the payment process. This could result in financial losses for merchants using the affected plugin (Missing Link).

Mitigation and workarounds

The vulnerability was patched in version 2.1.2 of the NAB Transact WooCommerce plugin. Site administrators are strongly recommended to update to this version immediately to prevent potential exploitation (WPScan).

Additional resources

SourceThis report was generated using AI

Related WordPress vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-6757MEDIUM6.4
  • recent-posts-widget-extended
NoNoSep 06, 2025
CVE-2025-9493MEDIUM6.4
  • admin-menu-editor
NoYesSep 06, 2025
CVE-2025-9442MEDIUM6.4
  • streamweasels-kick-integration
NoYesSep 06, 2025
CVE-2025-10046MEDIUM4.9
  • elex-woocommerce-google-product-feed-plugin-basic
NoYesSep 06, 2025
CVE-2025-8085N/AN/A
  • ditty-news-ticker
NoYesSep 08, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo