Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/07/06 9:53 p.m.33 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS0.00274EPSS
Exploits0References1
NVD
NVD
added 2026/01/17 9:15 a.m.10 views

CVE-2025-14078

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

5.3CVSS0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/17 8:24 a.m.4 views

CVE-2025-14078 PAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

5.3CVSS5.5AI score0.00261EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/17 7:15 a.m.6 views

CVE-2026-0939

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

5.3CVSS5.9AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/16 6:43 a.m.3 views

CVE-2026-0939 Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

5.3CVSS5.6AI score0.00148EPSS
Exploits0References5
CVE
CVE
added 2026/01/16 6:43 a.m.24 views

CVE-2026-0939

CVE-2026-0939 (Rede Itaú for WooCommerce) : The WordPress plugin is vulnerable to unauthenticated order status manipulation due to insufficient verification of payment callback authenticity in all versions up to 5.1.2. This allows attackers to mark orders as paid/failed without authentication. Ex...

5.3CVSS5.6AI score0.00148EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/16 6:43 a.m.28 views

CVE-2026-0939 Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

5.3CVSS0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.15 views

PT-2026-3226

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

5.3CVSS5.9AI score0.00148EPSS
Exploits0References5
Rows per page
Query Builder