30 matches found
CVE-2026-3208
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...
CVE-2026-3208
The CVE 2026-3208 entry concerns the Mercado Pago payments for WooCommerce plugin for WordPress. A missing capability check on the mp_pix_image endpoint allows unauthenticated access to PIX payment QR code images for arbitrary orders in all versions up to 8.7.11. The PIX QR codes expose sensitive...
CVE-2026-3208 Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...
WordPress plugin Mercado Pago payments for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-37341
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp pix image' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrie...
WordPress Mercado Pago payments for WooCommerce plugin <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability
Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability discovered by Muhammad Sharief in WordPress Plugin Mercado Pago payments for WooCommerce versions = 8.7.11...
EUVD-2022-47989
Malicious code in bioql PyPI...
EUVD-2024-32501
Malicious code in bioql PyPI...
CVE-2025-9885 MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
PT-2025-40505
Name of the Vulnerable Software and Affected Versions MPWizard – Create Mercado Pago Payment Links plugin for WordPress versions prior to 1.2.2 Description The software is susceptible to Cross-Site Request Forgery, allowing unauthenticated attackers to delete arbitrary posts. This is possible due...
CVE-2024-3934
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...
CVE-2022-45068
Cross-Site Request Forgery CSRF vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin = 6.3.1...
WordPress Mercado Pago payments for WooCommerce plugin 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download vulnerability
WordPress Mercado Pago payments for WooCommerce plugin 7.3.0 - 7.6.1 - Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by Krzysztof Zając in WordPress Plugin Mercado Pago payments for WooCommerce versions 7.3.0 - 7.6.1...
WordPress Mercado Pago payments for WooCommerce Plugin 7.3.0 - 7.6.1 is vulnerable to Arbitrary File Download
Software Mercado Pago payments for WooCommerce Type Plugin Vulnerable versions 7.3.0 - 7.6.1 Fixed in 7.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Arbitrary File Download CVE CVE-2024-3934 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID e624a5a01127...
CVE-2024-3934
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...
CVE-2024-3934 Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...
CVE-2024-3934
CVE-2024-3934 affects the Mercado Pago payments for WooCommerce plugin for WordPress. A Path Traversal flaw in versions 7.3.0–7.5.1 allows authenticated users with subscriber-level access and above to download and read arbitrary server files via mercadopagoDownloadLog. Wordfence notes the arbitra...
CVE-2024-3934 Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...
WordPress Mercado Pago payments for WooCommerce Plugin < 6.4.0 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mercadopago:mercadopagopaymentsforwoocommerce"; if descripti...
CVE-2022-45068
Cross-Site Request Forgery CSRF vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin = 6.3.1...