632 matches found
Payment Gateway for Telcell < 2.0.4 - Open Redirect
The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue id: CVE-2023-6786 info: name: Payment Gateway for Telcell 2.0.4 - Open Redirect author: s4e-io severity: medium description: | The plugin does not validate the apiurl...
CVE-2026-57677
The CVE concerns the WordPress Novalnet Payment Gateway for WooCommerce plugin, affected versions
EUVD-2026-40902
The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by qdtad in WordPress Plugin Novalnet Payment Gateway for WooCommerce versions = 12.10.3...
CVE-2026-57635
Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...
CVE-2026-56048 WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...
CVE-2026-56048
Summary: CVE-2026-56048 concerns the WordPress plugin “Payment Gateway Based Fees and Discounts for WooCommerce” (versions ≤ 3.0.0). The vulnerability is described as an unauthenticated insecure direct object reference (IDOR). The connected documents confirm the affected product and root cause (I...
EUVD-2026-39692
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-56023
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
EUVD-2026-39378
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
CVE-2026-56023
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin UPI QR Code Payment Gateway for WooCommerce versions = 1.6.2...
CVE-2026-2381
The CVE concerns the WooCommerce Stripe Payment Gateway plugin for WordPress, affected in all versions up to 10.7.0. Root cause: missing capability check and missing order ownership/order_key verification in the wc_stripe_pay_for_order WC‑AJAX endpoint, with only a nonce validation. Impact: unaut...
EUVD-2026-36918
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...
CVE-2026-49066
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...
CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...
EUVD-2026-36873
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...
CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...
CVE-2026-34891
CVE-2026-34891 concerns the WordPress IDPay Payment Gateway for WooCommerce plugin (
PT-2026-49503
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...