CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5357 matches found

CVE-2025-69189

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

7.3CVSS

Exploits0References1

Nuclei•added 15 hours ago•98 views

WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery

WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.8AI score0.36106EPSS

Exploits0References4

Nuclei•added 15 hours ago•69 views

PayPlus Payment Gateway < 6.6.9 - SQL Injection

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability. id: CVE-2024-6205 info: name: PayPlus Payment...

9.8CVSS8.6AI score0.04168EPSS

Exploits4References3

Nuclei•added 15 hours ago•28 views

Payment Gateway for Telcell < 2.0.4 - Open Redirect

The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue id: CVE-2023-6786 info: name: Payment Gateway for Telcell 2.0.4 - Open Redirect author: s4e-io severity: medium description: | The plugin does not validate the apiurl...

6.1CVSS5.2AI score0.00464EPSS

Exploits2References2

Nuclei•added 15 hours ago•20 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS7AI score0.017EPSS

Exploits1References5

NVD•added yesterday•5 views

CVE-2026-2381

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or orderkey verification when...

6.5CVSS0.0047EPSS

Exploits0References6

CVE•added yesterday•10 views

CVE-2026-2381

The CVE concerns the WooCommerce Stripe Payment Gateway plugin for WordPress, affected in all versions up to 10.7.0. Root cause: missing capability check and missing order ownership/order_key verification in the wc_stripe_pay_for_order WC‑AJAX endpoint, with only a nonce validation. Impact: unaut...

6.5CVSS5.3AI score0.0047EPSS

Exploits0References6

EUVD•added yesterday•6 views

EUVD-2026-37059

6.5CVSS5.3AI score0.0047EPSS

Exploits0References6

EUVD•added 2 days ago•5 views

EUVD-2026-36918

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

7.5CVSS5.2AI score0.00303EPSS

Exploits0References2

NVD•added 2 days ago•6 views

CVE-2026-49066

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS0.00303EPSS

Exploits0References1

EUVD•added 2 days ago•3 views

EUVD-2026-36873

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS5.2AI score0.00303EPSS

Exploits0References1

Cvelist•added 2 days ago•23 views

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS0.00303EPSS

Exploits0References1

Vulnrichment•added 2 days ago•3 views

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS5.2AI score0.00303EPSS

Exploits0References1

CVE•added 2 days ago•6 views

CVE-2026-42655

CVE-2026-42655 affects the WordPress plugin “Best Payments Plugin for WP” (versions ≤ 4.6.19). The vulnerability is an unauthenticated payment bypass (unvalidated access) in the plugin, enabling bypass without credentials. CVSS‑3.1 base score 5.9 (MEDIUM) with attack vector Network, attack comple...

5.9CVSS5.2AI score0.00249EPSS

Exploits0References1

Vulnrichment•added 2 days ago•4 views

CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

5.9CVSS5.2AI score0.00249EPSS

Exploits0References1

CVE•added 2 days ago•5 views

CVE-2026-39524

CVE-2026-39524 affects the WordPress Masteriyo LMS plugin <= 2.1.5. The vulnerability is described as Unauthenticated Broken Access Control, enabling a payment bypass vulnerability without authentication. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no ...

7.5CVSS5.1AI score0.00246EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS

Exploits0References1

CVE•added 2 days ago•8 views

CVE-2026-34891

CVE-2026-34891 concerns the WordPress IDPay Payment Gateway for WooCommerce plugin (

7.5CVSS5.2AI score0.00303EPSS

Exploits0References1