15 matches found
CVE-2026-1782
The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations Stripe/PayPal trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric...
WordPress MetForm Pro plugin <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability
Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability discovered by andrea bocchetti in WordPress Plugin MetForm Pro versions = 3.9.7...
CVE-2026-2888
The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...
CVE-2026-2888
The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...
CVE-2023-0998
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possib...
CVE-2025-29788
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
PayPal Plugin 安全漏洞
PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.1, prior to 1.7.1, and prior to 2.0.1, which stems from payment amount manipulation and could lead to fraud...
CVE-2023-0998
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possib...
Input validation
Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order...
CVE-2021-26631
The CVE-2021-26631 entry concerns Mangboard commerce package: an improper input validation vulnerability that allows a remote attacker to manipulate an order’s total amount to a negative value and complete payment. Public sources mention affected versions prior to 1.3.8 (CNNVD), with additional d...
Multiple Vulnerabilities in the EnjoyShop App
Enjoy a purchase app is an online shopping application. There are vulnerabilities in arbitrary user password change, arbitrary account login, arbitrary user payment password reset and payment design of Enjoy a purchase app. An attacker can reset any user, login to any account, reset any payment...
EZZY APP Android version of the deposit function module has a payment design loophole
EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. The Android version of EZZY APP has a vulnerability in the amount payment design. After logging into the system, an attacker can arbitrarily modify the size of the payment amount by clicking on the paymen...