Lucene search
K

277 matches found

wpexploit
wpexploit
added 2020/11/22 12:0 a.m.32 views

WooCommerce Anti-Fraud <= 3.2 - Unauthenticated Order Status Manipulation

The WooCommerce Anti-Fraud WordPress plugin was affected by an issue where an unauthenticated user could change the order status of any order, as there were no checks when changing the order status. The orderid was also predictable. On an individual level, if you have already received your order,...

0.5AI score
Exploits0References2
Snyk
Snyk
added 2020/11/13 5:18 p.m.5 views

Information Exposure

Overview spreeapi is a Spree Api module Affected versions of this package are vulnerable to Information Exposure. An attacker can query the API v2 Order Status endpoint with an empty string passed as an Order token. Remediation Upgrade spreeapi to version 3.7.13, 4.0.5, 4.1.12 or higher. Referenc...

7.7CVSS6.9AI score0.01111EPSS
Exploits1References2
RubySec
RubySec
added 2020/11/13 12:0 a.m.27 views

Authorization bypass in Spree

Impact The perpetrator could query the API v2 Order Status https://guides.spreecommerce.org/api/v2/storefronttag/Order-Status endpoint with an empty string passed as an Order token Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree 3.7 are not...

7.7CVSS6.7AI score0.01111EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2020/02/26 12:0 a.m.181 views

WordPress WooCommerce CardGate Payment Gateway 3.1.15 Plugin - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

0.2AI score0.04877EPSS
Exploits6
0day.today
0day.today
added 2020/02/26 12:0 a.m.194 views

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

0.1AI score0.0417EPSS
Exploits5
Prion
Prion
added 2020/02/25 2:15 a.m.15 views

Authentication flaw

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

5.5CVSS8AI score0.04877EPSS
Exploits6References5Affected Software1
exploitpack
exploitpack
added 2020/02/25 12:0 a.m.89 views

WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass

WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage:...

5.5CVSS0.3AI score0.04877EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/02/25 12:0 a.m.213 views

WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass

Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

8.1CVSS8.1AI score0.04877EPSS
Exploits6
wpexploit
wpexploit
added 2020/02/22 12:0 a.m.40 views

CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing

Lack of origin authentication CWE-346 at IPN callback processing function allow even unauthorized attacker to remotely replace critical plugin settings merchant id, secret key etc with known to him and therefore bypass payment process eg. spoof order status by manually sending IPN callback reques...

5.5CVSS0.04877EPSS
Exploits6References2
WPVulnDB
WPVulnDB
added 2020/02/22 12:0 a.m.18 views

CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing

Lack of origin authentication CWE-346 at IPN callback processing function allow even unauthorized attacker to remotely replace critical plugin settings merchant id, secret key etc with known to him and therefore bypass payment process eg. spoof order status by manually sending IPN callback reques...

5.5CVSS0.8AI score0.04877EPSS
Exploits6References2Affected Software1
Veracode
Veracode
added 2019/10/30 4:58 a.m.21 views

Unauthorized Form Data Modification

cezerin is vulnerable to unauthorized form data modification. Internal attributes such as paid and tax in the getValidDocumentForUpdate function in api/server/services/orders/orders.js can be overwritten using a conflicting name from user-input. This allows a malicious user to manipulate an order...

7.5CVSS3.1AI score0.00971EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2019/05/30 7:1 p.m.17 views

Automattic: Gaining unlimited bonus points on websites with WooCommerce Points and Rewards

In WooCommerce Points and Rewards plugin there is an assumption that Processing order status is only for paid orders. However, this assumption is wrong for payment gateway Cash On Delivery, which immediately changes order status to Processing on all new orders. Plugin then increases bonus points...

1.5AI score
Exploits0
Packet Storm
Packet Storm
added 2019/02/19 12:0 a.m.65 views

WordPress WooCommerce GloBee Payment Gateway 1.1.1 Bypass / Spoofing

?php Exploit Title: WordPress WooCommerce - GloBee cryptocurrency Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing Discovery Date: 14.12.2018 Public Disclosure Date: 14.02.2019 Exploit Author: GeekHack Contact: https://t.me/GeekHack Vendor Homepage: https://globee.com/...

7.6AI score0.10009EPSS
Exploits5
exploitpack
exploitpack
added 2019/02/18 12:0 a.m.82 views

WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass Unauthorized Order Status Spoofing

WordPress Plugin WooCommerce - GloBee cryptocurrency Payment Gateway 1.1.1 - Payment Bypass Unauthorized Order Status Spoofing ?php Exploit Title: WordPress WooCommerce - GloBee cryptocurrency Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing Discovery Date: 14.12.2018...

5CVSS0.2AI score0.10009EPSS
Exploits5
Drupal
Drupal
added 2018/07/11 12:0 a.m.10 views

Commerce Custom Order Status - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-046

Commerce Custom Order Status provides forms for administrators to add, edit, and delete order statuses from the order settings screen. The module doesn't sufficiently sanitize the output of the status names. This vulnerability is mitigated by the fact that an attacker must have a role with the...

6.5AI score
Exploits0References5
CNVD
CNVD
added 2016/04/24 12:0 a.m.4 views

modified eCommerce SQL Injection Vulnerability

modified eCommerce is an open source store software. Modified eCommerce suffers from a SQL injection vulnerability due to the easybillcsv.php file failing to adequately filter the 'ordersstatus' and 'customersstatus ' GET parameters, allowing remote attackers to submit specially crafted SQL queri...

9.8CVSS8.1AI score0.0373EPSS
Exploits5References1
Drupal
Drupal
added 2010/06/16 12:0 a.m.14 views

SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass

Ogone | Ubercart payment is a payment module for Ubercart that integrates Ogone PSP gateway as a checkout method for Ubercart. The module does not always correctly verify the order status returned by the Ogone gateway, potentially allowing unpaid orders to be processed. Versions affected Ogone |...

7AI score
Exploits0References7
Rows per page
Query Builder