CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:39 p.m.•7 views

CVE-2026-7648

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.5AI score0.00013EPSS

RedhatCVE•added 2026/06/05 7:34 p.m.•7 views

CVE-2026-1934

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

4.3CVSS5.5AI score0.00035EPSS

RedhatCVE•added 2026/06/05 7:33 p.m.•4 views

CVE-2026-9189

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

5.3CVSS5.6AI score0.00044EPSS

RedhatCVE•added 2026/06/05 7:32 p.m.•7 views

CVE-2026-6498

The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the validpayment function using a PHP loose comparison == between the attacker-controlled paymentid POST parameter and the...

5.3CVSS5.4AI score0.00037EPSS

RedhatCVE•added 2026/06/05 7:29 p.m.•7 views

CVE-2026-2729

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS5.4AI score0.00033EPSS

RedhatCVE•added 2026/06/05 7:18 p.m.•4 views

CVE-2026-45137

Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...

8.2CVSS5.6AI score0.00048EPSS

Patchstack•added 2026/06/05 12:0 a.m.•5 views

WordPress Event Monster – Event Manager, Ticket Booking & Registration plugin <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability

Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Event Management Tickets Booking versions = 2.1.0...

5.3CVSS5.5AI score0.00023EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/06/02 10:41 a.m.•9 views

CVE-2026-42670 WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

5.8AI score0.00042EPSS

CVE•added 2026/06/02 10:41 a.m.•12 views

CVE-2026-42670

CVE-2026-42670 concerns the WordPress plugin for Five Star Restaurant Reservations (versions

7.5CVSS5.8AI score0.00042EPSS

Cvelist•added 2026/06/02 10:41 a.m.•34 views

CVE-2026-42670 WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability

0.00042EPSS

Vulnrichment•added 2026/05/29 8:28 a.m.•8 views

CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)

EUVD•added 2026/05/29 8:28 a.m.•7 views

EUVD-2026-33265

ATTACKERKB•added 2026/05/29 8:28 a.m.•9 views

CVE-2026-9189

Cvelist•added 2026/05/29 8:28 a.m.•36 views

Exploits0References9

5.3CVSS0.00044EPSS

CVE•added 2026/05/29 8:28 a.m.•19 views

CVE-2026-9189

Product & component : WordPress, Contact Form 7 – PayPal & Stripe Add-on. Vulnerability : Payment Bypass via IPN handling flaw in cf7pp_paypal_ipn_handler where the IPN payload’s mc_gross, mc_currency, or receiver_email aren’t compared against stored order values before passing the attacker-contr...