Lucene search
K

62 matches found

Cvelist
Cvelist
added 2023/07/12 3:40 a.m.30 views

CVE-2021-4411 WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...

4.3CVSS4.6AI score0.00351EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2023/07/12 3:40 a.m.17 views

CVE-2021-4411 WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...

4.3CVSS5.8AI score0.00351EPSS
Exploits0References10
CVE
CVE
added 2023/07/12 3:40 a.m.82 views

CVE-2021-4411

CVE-2021-4411 involves the WP EasyPay – Square for WordPress plugin for WordPress, with a Cross-Site Request Forgery flaw up to version 3.2.0 caused by missing or incorrect nonce validation in the wpep_download_transaction_in_excel() function. This allows unauthenticated attackers to trigger a tr...

4.3CVSS4.3AI score0.00351EPSS
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.8 views

WordPress Plugin WP EasyPay – Square for WordPress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP EasyPay...

4.3CVSS5AI score0.00351EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2023/05/25 9:51 a.m.11 views

CVE-2022-47177 WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin = 4.1 versions...

4.3CVSS7.3AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/25 9:51 a.m.22 views

CVE-2022-47177 WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin = 4.1 versions...

4.3CVSS9.1AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2023/05/25 9:51 a.m.51 views

CVE-2022-47177

CVE-2022-47177 is a CSRF vulnerability in the WP EasyPay – Square for WordPress plugin affecting versions

8.8CVSS6.6AI score0.003EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.4 views

WordPress plugin WP EasyPay 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.2AI score0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/05/02 12:0 a.m.14 views

WordPress WP EasyPay Plugin < 4.1 is vulnerable to Cross Site Scripting (XSS)

Software WP EasyPay Type Plugin Vulnerable versions 4.1 Fixed in 4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1465 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2b3a789b9109 Credits Pablo Sanchez Required privilege...

6.1CVSS5.9AI score0.00458EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/01 12:0 a.m.16 views

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin PoC When there is no account connected, make a logged in admin open...

8.5AI score0.00458EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/05/01 12:0 a.m.133 views

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin When there is no account connected, make a logged in admin open...

8.7AI score0.00458EPSS
Exploits2
Patchstack
Patchstack
added 2023/04/14 12:0 a.m.11 views

WordPress WP EasyPay Plugin <= 4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP EasyPay Type Plugin Vulnerable versions = 4.2 Fixed in 4.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47177 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 296171c4917c Credits Cat Required privilege...

8.8CVSS7AI score0.003EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.16 views

WP EasyPay < 4.1 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.003EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress WP EasyPay plugin < 4.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP EasyPay plugin versions 4.0.2. Solution Update the WordPress WP EasyPay plugin to the latest available version at least 4.0.2...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress WP EasyPay plugin < 4.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP EasyPay plugin versions 4.0.2. Solution Update the WordPress WP EasyPay plugin to the latest available version at least 4.0.2...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/07/05 12:0 a.m.9 views

WordPress WP EasyPay plugin <= 3.2.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WP EasyPay plugin versions = 3.2.0. Solution Update the WordPress WP EasyPay plugin to the latest available version at least 3.2.3...

2.5AI score
Exploits0References2Affected Software1
NVD
NVD
added 2020/10/18 7:15 p.m.18 views

CVE-2020-13893

Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...

5.4CVSS0.00526EPSS
Exploits0References2
OSV
OSV
added 2020/10/18 7:15 p.m.5 views

CVE-2020-13893

Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...

5.4CVSS6.1AI score0.00526EPSS
Exploits0References2
Prion
Prion
added 2020/10/18 7:15 p.m.23 views

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...

3.5CVSS5.2AI score0.00526EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/18 6:55 p.m.28 views

CVE-2020-13893

Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...

5.4AI score0.00526EPSS
Exploits0References2
Rows per page
Query Builder