CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...

7.5CVSS5.9AI score0.00082EPSS

Exploits0References1

NVD•added 2025/09/09 5:15 p.m.•3 views

CVE-2025-32689

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...

7.5CVSS0.00082EPSS

Exploits0References1

Cvelist•added 2025/09/09 4:25 p.m.•9 views

CVE-2025-32689 WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...

7.5CVSS0.00082EPSS

Exploits0References1

CVE•added 2025/09/09 4:25 p.m.•10 views

CVE-2025-32689

CVE-2025-32689 affects the WordPress plugin “WP SmartPay” (ThemesGrove) up to version 2.7.13. The issue is an improper validation of the specified quantity in input , potentially enabling a price manipulation vulnerability. Public documents from multiple sources confirm the affected range and the...

7.5CVSS5.9AI score0.00082EPSS

Exploits0References1

Vulnrichment•added 2025/09/09 4:25 p.m.•2 views

CVE-2025-32689 WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...

7.5CVSS5.2AI score0.00082EPSS

Exploits0References1

Positive Technologies•added 2025/09/09 12:0 a.m.•4 views

PT-2025-36757

Name of the Vulnerable Software and Affected Versions: WP SmartPay versions n/a through 2.7.13 Description: An improper validation of the specified quantity in input exists in ThemesGrove WP SmartPay. Recommendations: Update WP SmartPay to a version later than 2.7.13...

7.5CVSS6.4AI score0.00082EPSS

Exploits0References3

CNNVD•added 2025/09/09 12:0 a.m.•2 views

WordPress plugin WP SmartPay 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.00082EPSS

Exploits0References1

OSV•added 2025/07/02 4:15 a.m.•5 views

CVE-2025-3848

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25171. Reason: This candidate is a reservation duplicate of CVE-2025-25171. Notes: All CVE users should reference CVE-2025-25171 instead of this candidate. All references and descriptions in this candidate have been...

6.4AI score

Exploits0

Vulnrichment•added 2025/07/02 3:47 a.m.•3 views

CVE-2025-3848

...

6.4AI score

Exploits0

CVE•added 2025/07/02 3:47 a.m.•18 views

CVE-2025-3848

The WP SmartPay WordPress plugin (versions 1.1.0–2.7.13) is vulnerable to privilege escalation via account takeover due to improper validation in the update() function. An authenticated user with Subscriber level or higher can change arbitrary users’ emails (including admins) and then reset passw...

7.5AI score

Exploits0

Positive Technologies•added 2025/07/02 12:0 a.m.•0 views

PT-2025-27585 · WordPress · Wp Smartpay

Name of the Vulnerable Software and Affected Versions: WP SmartPay plugin for WordPress versions 1.1.0 through 2.7.13 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identity before updating their...

8.8CVSS6.8AI score

Exploits0References8

RedhatCVE•added 2025/06/29 12:6 p.m.•7 views

CVE-2025-25171

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through = 2.7.13...

8.8CVSS5.9AI score0.00194EPSS

Exploits0References1

NVD•added 2025/06/27 12:15 p.m.•2 views

CVE-2025-25171

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through = 2.7.13...

8.8CVSS0.00194EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•9 views

CVE-2025-25171 WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through = 2.7.13...

8.8CVSS0.00194EPSS

Exploits0References1

CVE•added 2025/06/27 11:52 a.m.•18 views

CVE-2025-25171

The CVE-2025-25171 entry concerns WordPress WP SmartPay up to version 2.7.13, where an Authentication Bypass via an alternate path or channel allows Authentication Abuse (potential account takeover). Affected component: WP SmartPay plugin; root cause described as an authentication bypass enabling...

8.8CVSS5.9AI score0.00194EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•2 views

CVE-2025-25171 WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13...

8.8CVSS7.2AI score0.00194EPSS

Exploits0References1

Positive Technologies•added 2025/06/27 12:0 a.m.•3 views

PT-2025-27083 · WordPress · Wp Smartpay

Name of the Vulnerable Software and Affected Versions: WP SmartPay versions 2.7.13 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing authentication abuse. Recommendations: For WP SmartPay versions 2.7.13 and earlier, update to a...

8.8CVSS7AI score0.00194EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by