9 matches found
CVE-2026-35448
CVE-2026-35448 / GHSA-3V7M-QG4X-58H9 : The BlockonomicsYPT integration in AVideo exposes an unauthenticated check.php endpoint that returns payment order data for any Bitcoin address without requiring login or access control. The endpoint accepts an addr parameter and returns fields such as id, u...
AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php
Summary: The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...
EUVD-2022-49920
Malicious code in bioql PyPI...
CVE-2022-47145
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...
CVE-2022-47145
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...
CVE-2022-47145 WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...
PT-2023-15191 · Blockonomics · Blockonomics Wordpress Bitcoin Payments
Name of the Vulnerable Software and Affected Versions: Blockonomics WordPress Bitcoin Payments – Blockonomics plugin versions <= 3.5.7. Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially...
Blockonomics < 3.5.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the filterby parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)
Software: Blockonomics; Type: Plugin; Vulnerable versions: <= 3.5.7; Fixed in: 3.5.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: a483f702894f; Credits: N/A; Required privilege...