15 matches found
CVE-2026-57536 Insufficient validation of payment status in pretix-mollie
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...
EUVD-2022-51421
Malicious code in bioql PyPI...
EUVD-2023-59669
Malicious code in bioql PyPI...
EUVD-2023-59674
Malicious code in bioql PyPI...
EUVD-2024-22461
Malicious code in bioql PyPI...
CVE-2023-7294
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...
CVE-2023-7294
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...
CVE-2023-7292 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
CVE-2023-7291
The Paytium: Mollie payment forms & donations WordPress plugin (up to 4.3.7) is vulnerable due to a missing capability check in create_mollie_account, allowing authenticated subscribers to remotely set up a Mollie account and modify data. Impact is high (data integrity risk; potential confidentia...
CVE-2023-7287
The CVE-2023-7287 entry concerns the WordPress Paytium: Mollie payment forms & donations plugin (versions up to and including 4.3.7). The root cause is a missing capability check in the pt_cancel_subscription function, allowing authenticated users with subscriber-level access to cancel subscripti...
VulnCheck KEV: CVE-2023-7289
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
PT-2024-15271 · WordPress · The Paytium: Mollie Payment Forms & Donations
Name of the Vulnerable Software and Affected Versions: The Paytium: Mollie payment forms & donations plugin for WordPress versions up to, and including, 4.3.7 Description: The issue is related to unauthorized access of data due to a missing capability check on the check for verified profiles...
CVE-2024-25099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...
Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure
The plugin did not check for user capability in the dmmexportdonations function, allowing any authenticated user to export a CSV file containing all donors' personal information. GET /wp-admin/admin-post.php?action=dmmexport...