Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3208

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...

5.3CVSS5.7AI score0.00499EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 3:27 a.m.21 views

CVE-2026-3208

The CVE 2026-3208 entry concerns the Mercado Pago payments for WooCommerce plugin for WordPress. A missing capability check on the mp_pix_image endpoint allows unauthenticated access to PIX payment QR code images for arbitrary orders in all versions up to 8.7.11. The PIX QR codes expose sensitive...

5.3CVSS6AI score0.00499EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 3:27 a.m.7 views

CVE-2026-3208 Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...

5.3CVSS6AI score0.00499EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

WordPress plugin Mercado Pago payments for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS6AI score0.00499EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37341

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp pix image' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrie...

5.3CVSS6AI score0.00499EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/05 3:16 p.m.11 views

WordPress Mercado Pago payments for WooCommerce plugin <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability

Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability discovered by Muhammad Sharief in WordPress Plugin Mercado Pago payments for WooCommerce versions = 8.7.11...

5.3CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47989

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32501

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0067EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/03 11:17 a.m.9 views

CVE-2025-9885 MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion

The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...

4.3CVSS0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.5 views

PT-2025-40505

Name of the Vulnerable Software and Affected Versions MPWizard – Create Mercado Pago Payment Links plugin for WordPress versions prior to 1.2.2 Description The software is susceptible to Cross-Site Request Forgery, allowing unauthenticated attackers to delete arbitrary posts. This is possible due...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.6 views

CVE-2024-3934

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...

6.5CVSS6AI score0.0067EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.8 views

CVE-2022-45068

Cross-Site Request Forgery CSRF vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin = 6.3.1...

8.8CVSS7.1AI score0.00285EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/22 3:15 a.m.3 views

WordPress Mercado Pago payments for WooCommerce plugin 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download vulnerability

WordPress Mercado Pago payments for WooCommerce plugin 7.3.0 - 7.6.1 - Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by Krzysztof Zając in WordPress Plugin Mercado Pago payments for WooCommerce versions 7.3.0 - 7.6.1...

6.5CVSS7AI score0.0067EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/22 12:0 a.m.8 views

WordPress Mercado Pago payments for WooCommerce Plugin 7.3.0 - 7.6.1 is vulnerable to Arbitrary File Download

Software Mercado Pago payments for WooCommerce Type Plugin Vulnerable versions 7.3.0 - 7.6.1 Fixed in 7.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Arbitrary File Download CVE CVE-2024-3934 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID e624a5a01127...

6.5CVSS6.5AI score0.0067EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/07/20 4:15 a.m.9 views

CVE-2024-3934

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...

6.5CVSS0.0067EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/20 3:20 a.m.23 views

CVE-2024-3934 Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...

6.5CVSS0.0067EPSS
Exploits0References4
CVE
CVE
added 2024/07/20 3:20 a.m.46 views

CVE-2024-3934

CVE-2024-3934 affects the Mercado Pago payments for WooCommerce plugin for WordPress. A Path Traversal flaw in versions 7.3.0–7.5.1 allows authenticated users with subscriber-level access and above to download and read arbitrary server files via mercadopagoDownloadLog. Wordfence notes the arbitra...

6.5CVSS6.3AI score0.0067EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/20 3:20 a.m.10 views

CVE-2024-3934 Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...

6.5CVSS6.8AI score0.0067EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/05/23 12:0 a.m.24 views

WordPress Mercado Pago payments for WooCommerce Plugin < 6.4.0 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mercadopago:mercadopagopaymentsforwoocommerce"; if descripti...

8.8CVSS8.8AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2023/03/01 2:15 p.m.27 views

CVE-2022-45068

Cross-Site Request Forgery CSRF vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin = 6.3.1...

8.8CVSS6.5AI score0.00285EPSS
Exploits0References2
Rows per page
Query Builder