3 matches found
CVE-2026-47696
WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...
CVE-2025-15033
CVE-2025-15033 affects WooCommerce core 8.1–10.4.2 under a specific site configuration, allowing logged-in customers to view guest order data. The issue is mitigated by patches in 10.4.3 and backported to 8.1.3; sites on 8.0 or earlier are not affected. If applicable, upgrade to 10.4.3 or 8.1.3+ ...
WordPress Users to CSV plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. A cross-site request forgery vulnerability exists in the WordPress Users...