3 matches found
CVE-2025-14460
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...
Sql injection
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-0610
The CVE-2024-0610 entry concerns the Piraeus Bank WooCommerce Payment Gateway for WordPress. A time-based blind SQL Injection exists in the MerchantReference parameter across all versions up to and including 1.6.5.1, caused by insufficient escaping of user input and inadequate preparation of the ...