Lucene search
K

5 matches found

CVE
CVE
added 2026/06/17 2:21 p.m.14 views

CVE-2026-54810

The CVE-2026-54810 entry concerns the WordPress plugin Nexi XPay (≤ 8.3.1). The vulnerability is described as a Missing Authorization/ Broken Access Control issue caused by incorrectly configured access controls, affecting Nexi XPay on versions from n/a up to 8.3.1. Public metrics indicate a HIGH...

7.5CVSS5.3AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/15 12:31 a.m.4 views

EUVD-2025-209461

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 10:16 p.m.6 views

CVE-2025-15565

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS0.00189EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 9:26 p.m.22 views

CVE-2025-15565 Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32918

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References4
Rows per page
Query Builder