CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 5 hours ago•6 views

CVE-2026-7792 WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint

5.3CVSS

CVE•added 5 hours ago•9 views

CVE-2026-7792

Technical details about CVE-2026-7792 are not publicly available in the provided documents. Monitor for updates.

EUVD•added 5 hours ago•3 views

EUVD-2026-34954

ATTACKERKB•added 5 hours ago•4 views

CVE-2026-7792

Positive Technologies•added 7 hours ago•3 views

Exploits0References15

PT-2026-47131

RedhatCVE•added yesterday•3 views

CVE-2026-43883

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the authenticated user owns the agreement. A low-privilege...

4.2CVSS5.4AI score0.0004EPSS

Exploits0References1

Nuclei•added yesterday•6 views

Accept Donations with PayPal <= 1.5.2 - Open Redirect

The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.5.2. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially...

4.7CVSS5.5AI score0.00128EPSS

Exploits0References2

Nuclei•added yesterday•10 views

WordPress PayPal Pro <1.1.65 - SQL Injection

WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format. id: CVE-2020-14092 info: name: WordPress PayPal Pro 1.1.65 - SQL Injection...

9.8CVSS8AI score0.79659EPSS

Exploits1References5

NVD•added 2026/05/29 9:16 a.m.•9 views

CVE-2026-9189

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

5.3CVSS0.00044EPSS

Vulnrichment•added 2026/05/29 8:28 a.m.•6 views

CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)

5.3CVSS5.9AI score0.00044EPSS

Cvelist•added 2026/05/29 8:28 a.m.•33 views

5.3CVSS0.00044EPSS

EUVD•added 2026/05/29 8:28 a.m.•7 views

EUVD-2026-33265

5.3CVSS5.9AI score0.00044EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44772

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pp paypal ipn handler correctly validates IPN authenticity by posting back to PayPal with cm...

5.3CVSS5.9AI score0.00044EPSS

Exploits0References9

CNNVD•added 2026/05/29 12:0 a.m.•6 views

WordPress plugin Contact Form 7 – PayPal & Stripe Add-on 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00044EPSS