10 matches found
CVE-2025-11271
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...
CVE-2025-11271
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...
CVE-2025-11271
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...
CVE-2025-11271 Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...
CVE-2025-11271
The CVE-2025-11271 entry concerns WordPress Easy Digital Downloads (EDD) plugin versions up to and including 3.5.2. The vulnerability is an order verification bypass: the POST parameter verification_override=1 causes the verification check to be skipped unconditionally, enabling an attacker to su...
CVE-2025-11271 Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...
PT-2025-45174
Name of the Vulnerable Software and Affected Versions Easy Digital Downloads versions up to and including 3.5.2 Description The Easy Digital Downloads plugin for WordPress has a flaw that allows manipulation of orders. This is due to a bypass in order verification, which occurs when the...
EUVD-2015-9079
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the 1 checkdownload and possibly 2 checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
Harvest: Client can redirect payment, causing payment discrepancy between Harvest and PayPal
Vulnerability details When a client views an invoice through the web interface, it'll show a "Pay with PayPal" button when a standard PayPal integration has been enabled. Clicking this button will submit a POST request to PayPal. This request contains a business parameter, which is the receiver o...