85 matches found
CVE-2024-43973 WordPress Payment forms, Buy now buttons and Invoicing System plugin <= 2.8.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11...
CVE-2024-43973 WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Stiofan GetPaid invoicing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through = 2.8.11...
CVE-2023-7294
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...
CVE-2023-7292 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytiumnoticedismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
CVE-2023-7290 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles'
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkforverifiedprofiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
CVE-2023-7289 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level...
VulnCheck KEV: CVE-2023-7289
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
PT-2024-15271 · WordPress · The Paytium: Mollie Payment Forms & Donations
Name of the Vulnerable Software and Affected Versions: The Paytium: Mollie payment forms & donations plugin for WordPress versions up to, and including, 4.3.7 Description: The issue is related to unauthorized access of data due to a missing capability check on the check for verified profiles...
WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhammad Daffa in WordPress Plugin GetPaid versions = 2.8.11...
CVE-2024-32510
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-32130
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...
CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...
CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...
CVE-2024-32510 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-32509
Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76...
CVE-2024-32509 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability
Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76...
CVE-2024-32509
Technical details about CVE-2024-32509 (WP Cost Estimation & Payment Forms Builder) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2024-32509 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability
Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76...
PT-2024-24626 · WordPress · Loopus Wp Cost Estimation & Payment Forms Builder
Name of the Vulnerable Software and Affected Versions: Loopus WP Cost Estimation & Payment Forms Builder versions through 10.1.76 Description: The issue is related to a Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder. Recommendations: For versions through...
PT-2024-24425 · Paystack · Payment Forms For Paystack
Name of the Vulnerable Software and Affected Versions: Paystack Payment Forms for Paystack versions 3.4.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS, where an attacker...