Lucene search
+L

28 matches found

CVE
CVE
added 2026/01/07 9:21 a.m.19 views

CVE-2025-14460

CVE-2025-14460 affects the Piraeus Bank WooCommerce Payment Gateway for WordPress. The Wordfence entry confirms missing authorization on the payment callback endpoint, allowing unauthenticated attackers to change any order status to “failed” by supplying the MerchantReference (order ID). Versions...

5.3CVSS5.5AI score0.0036EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.33 views

CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS0.0036EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin Piraeus Bank WooCommerce Payment Gateway 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

5.3CVSS6.6AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1636

Name of the Vulnerable Software and Affected Versions Piraeus Bank WooCommerce Payment Gateway plugin for WordPress versions through 3.1.4 Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is susceptible to unauthorized modification of order statuses. This is a result ...

5.3CVSS6.4AI score0.0036EPSS
Exploits0References5
OSV
OSV
added 2024/07/11 4:15 a.m.3 views

CVE-2024-0619

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the paymentcallback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/08/27 7:35 a.m.25 views

Starbucks: Improper handling of payment callback allows topping up a Swiss Starbucks Card bypassing actual payment via a crafted success message

khovansky uncovered that an attacker could register on https://xtras.starbucks.ch and utilizing that registration, subsequently generate a reset password email via https://card.starbucks.ch After resetting the password for the account, khovansky noticed this process auto generates a virtual Swiss...

1.1AI score
Exploits0
Drupal
Drupal
added 2018/09/26 12:0 a.m.18 views

Commerce Klarna Checkout - Moderately critical - Access bypass - SA-CONTRIB-2018-062

The Commerce Klarna Checkout module enables you to accept payments from the Klarna Checkout payment provider The module doesn't sufficiently validate the payment callback made by Klarna. An attacker could bypass the payment step...

6.6AI score
Exploits0References6
seebug.org
seebug.org
added 2014/11/10 12:0 a.m.27 views

TinyShop SQL注入一枚

简要描述: 20140926 详细说明: /protected/controllers/payment.php中 callback 函数 public function callback //从URL中获取支付方式 $paymentid = Filter::intReq::get'paymentid'; $payment = new Payment$paymentid; $paymentPlugin = $payment-getPaymentPlugin; //先获取一个支付方式,默认只有余额支付 ,id为1 。。。 //执行接口回调函数 $callbackData =...

7.1AI score
Exploits0
Rows per page
Query Builder