Lucene search
+L

8 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45145

The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...

7.5CVSS5.4AI score0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-11575

The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...

5.4AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 9:16 p.m.6 views

CVE-2026-13039

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/10 8:31 p.m.6 views

EUVD-2026-43025

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/07/10 8:31 p.m.9 views

CVE-2026-13039

The Eventin plugin for WordPress (versions 4.0.26–4.1.15) has an authorization bypass in payment_complete() via REST API due to insufficient verification of user authorization. Unauthenticated attackers can mark unpaid ticket orders as completed by submitting a fabricated SureCart checkout ID or ...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/10 8:31 p.m.32 views

CVE-2026-13039 Eventin 4.0.26 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass via REST API

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 2025/11/04 5:16 a.m.13 views

CVE-2025-11890

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...

7.5CVSS0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.12 views

CVE-2025-11890 Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...

7.5CVSS0.00273EPSS
Exploits0References2
Rows per page
Query Builder