Lucene search
+L

70 matches found

cvelist
cvelist
added 2025/11/06 3:55 p.m.12 views

CVE-2025-62075 WordPress Simple Payment plugin <= 2.4.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through = 2.4.6...

7.5CVSS0.00331EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/06 3:55 p.m.3 views

CVE-2025-62075 WordPress Simple Payment plugin <= 2.4.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through = 2.4.6...

7.5CVSS6.7AI score0.00331EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/11/06 12:0 a.m.3 views

WordPress plugin Simple Payment 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.1CVSS5.8AI score0.00169EPSS
Exploits0References1
patchstack
patchstack
added 2025/10/29 12:29 p.m.5 views

WordPress Simple Payment plugin <= 2.4.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by ? in WordPress Plugin Simple Payment versions = 2.4.6...

7.3CVSS6.8AI score0.00331EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-53932

Malicious code in bioql PyPI...

5.3CVSS6.7AI score0.00386EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-51421

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.0047EPSS
Exploits2References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19376

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00452EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-59669

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00275EPSS
Exploits0References2
nvd
nvd
added 2025/09/10 7:15 a.m.3 views

CVE-2025-9463

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

6.5CVSS0.00287EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/06/29 8:24 a.m.21 views

CVE-2025-6688

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the createuser function. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS7.2AI score0.00452EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/06/27 7:22 a.m.5 views

CVE-2025-6688 Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the createuser function. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS7.1AI score0.00452EPSS
Exploits0References2
cvelist
cvelist
added 2025/06/27 7:22 a.m.13 views

CVE-2025-6688 Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the createuser function. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS0.00452EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/06/06 12:0 a.m.9 views

PT-2025-24195 · Woocommerce · Miguel Fuentes Payment Qr Woocommerce

Name of the Vulnerable Software and Affected Versions: Miguel Fuentes Payment QR WooCommerce versions 1.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

5.3CVSS5.1AI score0.00273EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 4:13 a.m.9 views

CVE-2023-4040

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...

5.3CVSS6.8AI score0.00386EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 2:15 a.m.11 views

CVE-2023-3162

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

9.8CVSS7AI score0.00966EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/02/04 10:59 p.m.9 views

CVE-2024-0705

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS7.4AI score0.02635EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2024/11/23 11:39 a.m.12 views

CVE-2024-11228 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode

The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafwinstantpayment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS5.8AI score0.00433EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/23 11:39 a.m.21 views

CVE-2024-11228 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode

The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafwinstantpayment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS0.00433EPSS
Exploits0References4
nvd
nvd
added 2024/10/29 5:15 p.m.23 views

CVE-2024-50459

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AidWP: from n/a through = 3.2.3...

9.8CVSS0.004EPSS
Exploits0References1
osv
osv
added 2024/10/29 5:15 p.m.4 views

CVE-2024-50459

Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3...

9.8CVSS5.8AI score0.004EPSS
Exploits0References1
Rows per page
Query Builder