Lucene search
K

15 matches found

EUVD
EUVD
added 4 days ago10 views

EUVD-2026-39957

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfsupdatefailedpaymentstatus AJAX action. The handler is registered through both wpajax and wpajaxnopriv hooks and the underlying updatefailedpaymentstatus function...

5.3CVSS5.6AI score0.00323EPSS
Exploits2References10
CVE
CVE
added 4 days ago11 views

CVE-2026-12432

The CVE affects the WP Full Stripe Free plugin for WordPress, up to version 8.4.3. The vulnerability is in the wpfs_update_failed_payment_status AJAX action, where the handler is registered via wp_ajax_ and wp_ajax_nopriv_ hooks and the underlying update_failed_payment_status() function performs ...

5.3CVSS5.6AI score0.00323EPSS
Exploits2References10
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-12432 Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfsupdatefailedpaymentstatus AJAX action. The handler is registered through both wpajax and wpajaxnopriv hooks and the underlying updatefailedpaymentstatus function...

5.3CVSS0.00323EPSS
Exploits2References10
NVD
NVD
added 2026/06/06 4:17 a.m.13 views

CVE-2026-7792

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

5.3CVSS0.00202EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.7 views

CVE-2026-7792

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References15
CVE
CVE
added 2026/06/06 2:28 a.m.39 views

CVE-2026-7792

Technical details about CVE-2026-7792 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.4AI score0.00202EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-34233

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to administrators onl...

6.5CVSS5.5AI score0.0028EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 9:16 p.m.16 views

CVE-2026-34233

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to administrators onl...

6.5CVSS0.0028EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 12:16 a.m.12 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS0.00351EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:36 p.m.3 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/25 11:36 p.m.16 views

CVE-2026-33931

Vulnerability summary (CVE-2026-33931) : OpenEMR prior to version 8.0.0.3 contains an insecure direct object reference (IDOR) in the patient portal payment page. By manipulating the recid parameter in portal/portal_payment.php, any authenticated portal patient could access other patients’ payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-28148

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References4
HackRead
HackRead
added 2020/05/19 10:37 p.m.35 views

Brazil’s cosmetic giant Natura leaked 192 million records with payment data

By Waqas It's a massive security failure by The Natura & Co Group. This is a post from HackRead.com Read the original post: Brazil's cosmetic giant Natura leaked 192 million records with payment data...

2.6AI score
Exploits0
Hacker One
Hacker One
added 2019/05/04 11:6 p.m.17 views

U.S. Dept Of Defense: ████ - Complete account takeover

Summary: ███████ ██████████ was updated today 03/04, which includes a backend rewrite. Unfortunately, the new site is insecure and allows a password to be reset given only a username. This allows access to payment records for any DoD employee given only their username, which is commonly known...

6.6AI score
Exploits0
Rows per page
Query Builder