57 matches found
EUVD-2015-9204
Malware in sbrugna...
CVE-2023-6187
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber...
CVE-2015-9364
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2024-0629 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to order...
CVE-2024-0629
The CVE-2024-0629 entry concerns the WordPress plugin “2Checkout Payment Gateway for WooCommerce.” All versions up to and including 6.2 are affected by an unauthorized data modification flaw caused by a missing capability check in the sniff_ins function, enabling unauthenticated attackers to alte...
2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
Description: The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make...
Input validation
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber...
CVE-2023-6187 Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber...
CVE-2023-6187
CVE-2023-6187 — Paid Memberships Pro (WordPress) Product: Paid Memberships Pro plugin for WordPress. Affected versions: up to 2.12.3. Vulnerability: Arbitrary file upload due to insufficient validation in pmpro_paypalexpress_session_vars_for_user_fields. This can allow an authenticated user with ...
PT-2023-32556 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro plugin for WordPress versions up to, and including, 2.12.3. Description: The issue arises from insufficient file type validation in the pmpro_paypalexpress_session_vars_for_user_fields function. This allows authenticated...
CVE-2015-9364
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg and remove_query_arg...
Design/Logic Flaw
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2015-9364
CVE-2015-9364 affects the WordPress plugin component “2Checkout Add-on for iThemes Exchange.” It describes a Cross-Site Scripting (XSS) vulnerability via add_query_arg() and remove_query_arg() in versions before 1.1.0. The underlying issue is unsafe handling of query arguments in the plugin, enab...
CVE-2015-9364
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg and remove_query_arg...
2checkout.com XSS vulnerability
Open Bug Bounty ID: OBB-719850. Affected Website: 2checkout.com; Vulnerable Application: hidden until disclosure; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: hidden...
2checkout.com XSS vulnerability
Open Bug Bounty ID: OBB-712895. Affected Website: 2checkout.com; Vulnerable Application: hidden until disclosure; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: hidden...
2checkout.com XSS vulnerability
Open Bug Bounty ID: OBB-710165. Affected Website: 2checkout.com; Vulnerable Application: hidden until disclosure; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: hidden...
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Ktools Photostore 4.7.5 - Multiple Vulnerabilities. Ktools Photostore = 4.7.5 Multiple Vulnerabilities. Bug discovered by: Yakir Wizman. Date: 01/07/2016. Affected versions: prior to 4.7.5. Vendor Homepage: http://www.ktools.net...
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Ktools Photostore = 4.7.5 Multiple Vulnerabilities. Bug discovered by: Yakir Wizman. Date: 01/07/2016. Affected versions: prior to 4.7.5. Vendor Homepage: http://www.ktools.net...
WordPress Donate 2.0.1 Cross Site Scripting
Plugin Name: Donate. Affected Version: 2.0.1 and most probably lower versions, if any. Vulnerability: A3-Cross-Site Scripting (XSS). Identified by: Madhu Akula. Technical Details: Minimum Level of Access Required: Administrator. PoC - Proof of Concept: The following field put the payload as below...