2 matches found
CVE-2025-9463 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...
WordPress PeachPay Payments plugin <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter vulnerability
Authenticated Contributor+ SQL Injection via orderby Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin PeachPay Payments versions = 1.117.5...