The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to...
5.3CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through...
4.3CVSS
7.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through...
6.5CVSS
7.4AI Score
0.0004EPSS
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
6.1AI Score
0.0004EPSS
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for...
8.8CVSS
7.3AI Score
0.0004EPSS
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied...
8.8CVSS
7.6AI Score
0.0004EPSS
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
7.2CVSS
6.3AI Score
0.0004EPSS
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as...
5.3CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through...
8.5CVSS
8.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through...
5.4CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10....
4.3CVSS
6.9AI Score
0.0004EPSS
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status....
5.3CVSS
7AI Score
0.0004EPSS
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
9.8CVSS
8.1AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection.This issue affects Online Payment System: before...
9.8CVSS
9.7AI Score
0.001EPSS
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
5.4CVSS
6.1AI Score
0.001EPSS
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This....
4.3CVSS
8.9AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User...
6.1CVSS
7.2AI Score
0.0005EPSS
Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment...
6.5CVSS
7AI Score
0.001EPSS
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
7.5CVSS
8.1AI Score
0.001EPSS
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input...
4.8CVSS
6.3AI Score
0.0004EPSS
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected...
6.1CVSS
7.7AI Score
0.001EPSS
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the...
6.5CVSS
7.3AI Score
0.0005EPSS
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through...
9.8CVSS
7.4AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through...
5.4CVSS
7.2AI Score
0.0004EPSS
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through...
9.8CVSS
7.2AI Score
0.001EPSS
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions...
7.5CVSS
6.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration,...
7.2CVSS
8.2AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in.....
7.2CVSS
8.2AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through...
6.5CVSS
7.2AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through...
5.4CVSS
7.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...
8.8CVSS
7.4AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS.This issue affects TriPay Payment Gateway: from n/a through...
4.8CVSS
7.2AI Score
0.0004EPSS
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above...
4.9CVSS
7.9AI Score
0.001EPSS
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....
9.8CVSS
7.3AI Score
0.001EPSS
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.4CVSS
6.1AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through...
7.5CVSS
7AI Score
0.004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through...
9.8CVSS
8.2AI Score
0.005EPSS
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and...
4.3CVSS
8.2AI Score
0.0004EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...
6.1CVSS
6AI Score
0.0005EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.This issue affects Online Payment System: before...
9.8CVSS
9.8AI Score
0.001EPSS
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and...
4.3CVSS
5.2AI Score
0.0004EPSS
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow...
4.3CVSS
4.7AI Score
0.0005EPSS
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...
9.8CVSS
9.6AI Score
0.001EPSS
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to...
9.8CVSS
9.7AI Score
0.072EPSS
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order.....
5.3CVSS
6.2AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Paytm Payment Donation plugin <= 2.2.0...
6.1CVSS
6AI Score
0.0005EPSS
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it...
4.3CVSS
4.3AI Score
0.001EPSS