18 matches found
CVE-2025-14460
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...
CVE-2025-14460
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...
WordPress Piraeus Bank WooCommerce Payment Gateway plugin <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Piraeus Bank WooCommerce Payment Gateway versions = 3.1.4...
CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...
WordPress plugin Piraeus Bank WooCommerce Payment Gateway 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...
PT-2026-1636
Name of the Vulnerable Software and Affected Versions Piraeus Bank WooCommerce Payment Gateway plugin for WordPress versions through 3.1.4 Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is susceptible to unauthorized modification of order statuses. This is a result ...
EUVD-2024-16403
Malicious code in bioql PyPI...
CVE-2024-0610
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
WordPress Piraeus Bank WooCommerce Payment Gateway Plugin <= 1.6.5.1 is vulnerable to SQL Injection
Software Piraeus Bank WooCommerce Payment Gateway Type Plugin Vulnerable versions = 1.6.5.1 Fixed in 1.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0610 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2c176142924a Credits Francesco Carlucci...
CVE-2024-0610
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-0610
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
Sql injection
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-0610 Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-0610 Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-0610
The CVE-2024-0610 entry concerns the Piraeus Bank WooCommerce Payment Gateway for WordPress. A time-based blind SQL Injection exists in the MerchantReference parameter across all versions up to and including 1.6.5.1, caused by insufficient escaping of user input and inadequate preparation of the ...
WordPress Plugin Piraeus Bank WooCommerce Payment Gateway Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-15687 · WordPress · Piraeus Bank Woocommerce Payment Gateway
Name of the Vulnerable Software and Affected Versions: Piraeus Bank WooCommerce Payment Gateway plugin for WordPress versions up to, and including, 1.6.5.1 Description: The issue is related to a time-based blind SQL Injection vulnerability via the MerchantReference parameter. This vulnerability i...
Piraeus Bank WooCommerce Payment Gateway < 1.7.0 - Unauthenticated SQL Injection
Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...