62 matches found
CVE-2021-4411 WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...
CVE-2021-4411 WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...
CVE-2021-4411
CVE-2021-4411 involves the WP EasyPay – Square for WordPress plugin for WordPress, with a Cross-Site Request Forgery flaw up to version 3.2.0 caused by missing or incorrect nonce validation in the wpep_download_transaction_in_excel() function. This allows unauthenticated attackers to trigger a tr...
WordPress Plugin WP EasyPay – Square for WordPress 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP EasyPay...
CVE-2022-47177 WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin = 4.1 versions...
CVE-2022-47177 WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin = 4.1 versions...
CVE-2022-47177
CVE-2022-47177 is a CSRF vulnerability in the WP EasyPay – Square for WordPress plugin affecting versions
WordPress plugin WP EasyPay 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress WP EasyPay Plugin < 4.1 is vulnerable to Cross Site Scripting (XSS)
Software WP EasyPay Type Plugin Vulnerable versions 4.1 Fixed in 4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1465 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2b3a789b9109 Credits Pablo Sanchez Required privilege...
WP EasyPay < 4.1 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin PoC When there is no account connected, make a logged in admin open...
WP EasyPay < 4.1 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin When there is no account connected, make a logged in admin open...
WordPress WP EasyPay Plugin <= 4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP EasyPay Type Plugin Vulnerable versions = 4.2 Fixed in 4.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47177 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 296171c4917c Credits Cat Required privilege...
WP EasyPay < 4.1 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress WP EasyPay plugin < 4.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP EasyPay plugin versions 4.0.2. Solution Update the WordPress WP EasyPay plugin to the latest available version at least 4.0.2...
WordPress WP EasyPay plugin < 4.0.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP EasyPay plugin versions 4.0.2. Solution Update the WordPress WP EasyPay plugin to the latest available version at least 4.0.2...
WordPress WP EasyPay plugin <= 3.2.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WP EasyPay plugin versions = 3.2.0. Solution Update the WordPress WP EasyPay plugin to the latest available version at least 3.2.3...
CVE-2020-13893
Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...
CVE-2020-13893
Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...
Cross site scripting
Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...
CVE-2020-13893
Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...