
75 matches found

OSV
added 2025/08/14 6:52 p.m. | 4 views

MAL-2025-28943 Malicious code in payment-methods-component (npm)

The package payment-methods-component was found to contain malicious code...

AI score: 7.2
Exploits: 0

RedhatCVE
added 2025/05/22 11:30 p.m. | 6 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.01244
Exploits: 2 | References: 1

Vulnrichment
added 2024/08/06 11:17 a.m. | 18 views

CVE-2024-33960 SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.00461
Exploits: 0 | References: 1

CNVD
added 2024/01/11 12:00 a.m. | 28 views

PrestaShop SQL Injection Vulnerability (CNVD-2024-02171)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the application...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00748
Exploits: 1 | References: 1

CNVD
added 2023/12/08 12:00 a.m. | 15 views

PrestaShop SQL Injection Vulnerability (CNVD-2023-9749945)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the module havi...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00766
Exploits: 0 | References: 1

WPVulnDB
added 2023/11/18 12:00 a.m. | 30 views

Paid Memberships Pro < 2.12.4 - Subscriber+ Arbitrary File Upload

Description: The plugin does not properly validate file type in its pmpropaypalexpresssessionvarsforuserfields function, which could allow any authenticated user, such as a subscriber, to upload arbitrary files on the server. Note: Exploitation of the issue requires 2Checkout deprecated since versio...

CVSS: 8.8 | AI score: 7 | EPSS: 0.51535
Exploits: 0 | Affected Software: 1

CNNVD
added 2023/09/28 12:00 a.m. | 6 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. A security vulnerability exists in PrestaShop that stems from allowing low privileged users to disable some...

CVSS: 6.3 | AI score: 6.7 | EPSS: 0.00345
Exploits: 0 | References: 3

CNVD
added 2023/08/12 12:00 a.m. | 12 views

PrestaShop path traversal vulnerability (CNVD-2023-64630)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A path traversal vulnerability exists in PrestaShop versions prior to 8.1.1, which...

CVSS: 8.6 | AI score: 7.3 | EPSS: 0.00632
Exploits: 0 | References: 1

Patchstack
added 2023/07/18 12:00 a.m. | 5 views

WordPress WooCommerce Disable Payment Methods based on cart conditions Plugin < 1.16.0 is vulnerable to Cross Site Scripting (XSS)

Software: WooCommerce Disable Payment Methods based on cart conditions; Type: Plugin; Vulnerable versions: 1.16.0; Fixed in: 1.16.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID...

AI score: 6.8 | EPSS: 0.00284
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2023/06/14 12:00 a.m. | 20 views

PrestaShop path traversal vulnerability (CNVD-2023-49841)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A path traversal vulnerability exists in Prestashop winbizpayment that stems from...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.05523
Exploits: 3 | References: 1

Joomla! Vulnerable Extensions List
added 2023/06/01 12:00 a.m. | 24 views

HikaShop Joomla Plugin, , SQL Injection

anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database. "payment methods" restriction setting to custom fields of the "order" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted...

AI score: 7.1
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2023/05/23 12:00 a.m. | 17 views

Prestashop path traversal vulnerability (CNVD-2023-41497)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. Prestashop 1.7.20 and earlier versions contain a path traversal...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00697
Exploits: 0 | References: 1

CNNVD
added 2023/04/25 12:00 a.m. | 7 views

Odoo security vulnerability

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python with PostgreSQL as the database and includes modules for sales management, inventory management, and financial management. A security...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00563
Exploits: 0 | References: 5

Securelist
added 2023/04/10 8:00 a.m. | 25 views

Overview of Google Play threats sold on the dark web

In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...

AI score: 7.2
Exploits: 0

Malwarebytes
added 2023/02/20 7:00 a.m. | 14 views

GoDaddy says it's a victim of multi-year cyberattack campaign

Hosting and domain name company GoDaddy says it believes a "sophisticated threat actor group" has been subjecting the company to a multi-year attack campaign, the most recent of which occurred in December 2022. In December, it received complaints about customer websites being periodically...

AI score: 0.1
Exploits: 0

wpexploit
added 2023/02/20 12:00 a.m. | 147 views

Namaste! LMS < 2.6 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). One XSS issue was fixed in version 2.5.9.9. The...

CVSS: 4.8 | AI score: 5.2 | EPSS: 0.00442
Exploits: 2

Malwarebytes
added 2023/02/15 1:00 a.m. | 15 views

TrickBot gang members sanctioned after pandemic ransomware attacks

In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot (alias "TrickLoader"), a mainstream banking Trojan turned malware-as-a-service (MaaS) platform for other criminal...

AI score: 1.2
Exploits: 0

NVD
added 2023/02/03 9:15 p.m. | 44 views

CVE-2023-23941

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00297
Exploits: 0 | References: 2

Vulnrichment
added 2023/02/03 8:26 p.m. | 4 views

CVE-2023-23941 SwagPayPal payment not sent to PayPal correctly

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00297
Exploits: 0 | References: 2

OSV
added 2023/01/16 4:15 p.m. | 5 views

CVE-2022-4547

The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00945
Exploits: 2 | References: 2