28 matches found
CVE-2025-14460
CVE-2025-14460 affects the Piraeus Bank WooCommerce Payment Gateway for WordPress. The Wordfence entry confirms missing authorization on the payment callback endpoint, allowing unauthenticated attackers to change any order status to “failed” by supplying the MerchantReference (order ID). Versions...
CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...
WordPress plugin Piraeus Bank WooCommerce Payment Gateway 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...
PT-2026-1636
Name of the Vulnerable Software and Affected Versions Piraeus Bank WooCommerce Payment Gateway plugin for WordPress versions through 3.1.4 Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is susceptible to unauthorized modification of order statuses. This is a result ...
CVE-2024-0619
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the paymentcallback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...
Starbucks: Improper handling of payment callback allows topping up a Swiss Starbucks Card bypassing actual payment via a crafted success message
khovansky uncovered that an attacker could register on https://xtras.starbucks.ch and utilizing that registration, subsequently generate a reset password email via https://card.starbucks.ch After resetting the password for the account, khovansky noticed this process auto generates a virtual Swiss...
Commerce Klarna Checkout - Moderately critical - Access bypass - SA-CONTRIB-2018-062
The Commerce Klarna Checkout module enables you to accept payments from the Klarna Checkout payment provider The module doesn't sufficiently validate the payment callback made by Klarna. An attacker could bypass the payment step...
TinyShop SQL注入一枚
简要描述: 20140926 详细说明: /protected/controllers/payment.php中 callback 函数 public function callback //从URL中获取支付方式 $paymentid = Filter::intReq::get'paymentid'; $payment = new Payment$paymentid; $paymentPlugin = $payment-getPaymentPlugin; //先获取一个支付方式,默认只有余额支付 ,id为1 。。。 //执行接口回调函数 $callbackData =...