2 matches found
CVE-2026-15288
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...
PT-2019-18614 · Woocommerce · Woocommerce Paypal Checkout Payment Gateway
Name of the Vulnerable Software and Affected Versions: WooCommerce PayPal Checkout Payment Gateway plugin version 1.6.8 Description: The issue allows Parameter Tampering in an amount parameter, such as amount 1, in the /cgi-bin/webscr?cmd= cart endpoint. This can be exploited by purchasing an ite...