Lucene search
K

2570 matches found

Nuclei
Nuclei
added 11 hours ago8 views

Accept Donations with PayPal <= 1.5.2 - Open Redirect

The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.5.2. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially...

4.7CVSS5.8AI score0.00448EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago13 views

WordPress PayPal Pro <1.1.65 - SQL Injection

WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format. id: CVE-2020-14092 info: name: WordPress PayPal Pro 1.1.65 - SQL Injection...

9.8CVSS7.3AI score0.9453EPSS
Exploits1References5
NVD
NVD
added 5 days ago9 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References15
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-39949

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References14
CVE
CVE
added 5 days ago15 views

CVE-2026-9242

The CVE covers RegistrationMagic for WordPress (all versions up to 6.0.8.6) with an AUTHENTICATION BYPASS via forged PayPal IPN requests. The PayPal IPN callback is registered as a nopriv AJAX action with no authentication or nonce, and the handler writes attacker-controlled POST data (including ...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References14
Cvelist
Cvelist
added 5 days ago38 views

CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 5 days ago16 views

PT-2026-53059

Name of the Vulnerable Software and Affected Versions RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login versions prior to 6.0.8.7 Description An authentication bypass exists due to insufficient verification of data authenticity. The PayPal IPN callback...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References20
NVD
NVD
added 2026/06/20 7:16 p.m.10 views

CVE-2026-56341

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 6:27 p.m.17 views

CVE-2026-56341

AVideo prior to 26.1 (through version 26.0) exposes unauthenticated access to payment data via multiple list.json.php endpoints in payment plugins, lacking authorization checks. The issue enables retrieval of PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records, including agreem...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.7 views

CVE-2026-56341

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.18 views

CVE-2026-56341 AVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38130

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/12 8:52 a.m.21 views

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator

An INTERPOL-led operation last month resulted in the disruption of Sniper Dz , a decade-long phishing-as-a-service PhaaS platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/06/11 4:7 a.m.6 views

Malicious Package

Overview paypal-payouts-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.12 views

CVE-2026-4986

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 6:16 a.m.12 views

CVE-2026-4986

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.3CVSS0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:0 a.m.10 views

EUVD-2026-35351

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 6:0 a.m.30 views

CVE-2026-4986

The CVE-2026-4986 entry concerns the WPForms WordPress plugin (pre-1.10.0.5). The issue is that incoming PayPal webhook events are not validated for authenticity before processing, enabling unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transacti...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 6:0 a.m.37 views

CVE-2026-4986 WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

0.00197EPSS
Exploits0References1
Rows per page
Query Builder