Lucene search
K

6 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-11901

The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...

5.3CVSS0.00177EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/06 2:28 a.m.18 views

EUVD-2026-34954

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References14
Patchstack
Patchstack
added 2025/12/08 7:12 a.m.16 views

WordPress Fluent Forms plugin <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability

Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submissionid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FluentForm versions = 6.1.7...

5.3CVSS6.8AI score0.0026EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/06 6:39 a.m.26 views

CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS0.0026EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/04 12:5 a.m.5 views

WordPress Beaver Builder – WordPress Page Builder plugin <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering vulnerability

Missing Authorization to Authenticated Contributor+ Builder Status Tampering vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions = 2.9.4...

4.3CVSS6.7AI score0.00251EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.4 views

Syltek application 数据伪造问题漏洞

Syltek application is an application. A security vulnerability previously existed in the Syltek application version 10.22.00 that allowed an attacker to spoof a request and bypass the payment system by marking the item as paid without any authentication...

7.5CVSS7.4AI score0.00457EPSS
Exploits0References2
Rows per page
Query Builder