34 matches found
CVE-2024-6205 PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
CVE-2024-37564
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7...
CVE-2024-37564 WordPress PayPlus Payment Gateway plugin <= 7.0.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7...
CVE-2024-37564 WordPress PayPlus Payment Gateway plugin <= 7.0.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7...
CVE-2024-37564
CVE-2024-37564 is an SQL injection in the PayPlus Payment Gateway WordPress plugin. The vulnerability affects PayPlus Payment Gateway versions up to and including 7.0.7 and requires authentication (Subscriber+). Wordfence documents label it as “Patched” for PayPlus, indicating a fix is available ...
WordPress plugin PayPlus Payment Gateway security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2024-27663 · Unknown · Payplus Payment Gateway
Name of the Vulnerable Software and Affected Versions: PayPlus Payment Gateway versions 7.0.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation...
WordPress PayPlus Payment Gateway plugin <= 7.0.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin PayPlus Payment Gateway versions = 7.0.7...
WordPress PayPlus Payment Gateway Plugin <= 7.0.7 is vulnerable to SQL Injection
Software PayPlus Payment Gateway Type Plugin Vulnerable versions = 7.0.7 Fixed in 7.0.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37564 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 282d31811f37 Credits LVT-tholv2k Required privilege Subscrib...
WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Project Black in WordPress Plugin PayPlus Payment Gateway versions = 6.6.8...
WordPress PayPlus Payment Gateway Plugin <= 6.6.8 is vulnerable to SQL Injection
Software PayPlus Payment Gateway Type Plugin Vulnerable versions = 6.6.8 Fixed in 6.6.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6205 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 47e962c92ffc Credits Project Black Required privilege...
WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin PayPlus Payment Gateway versions = 6.6.8...
WordPress PayPlus Payment Gateway Plugin <= 6.6.8 is vulnerable to Cross Site Scripting (XSS)
Software PayPlus Payment Gateway Type Plugin Vulnerable versions = 6.6.8 Fixed in 6.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37459 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3897da93b46e Credits Le Ngoc Anh Required...
PAYplus - Customized SSL, Runtime command execution, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application PAYplus published at the 'play' market has multiple vulnerabilities...