WordPress CP Contact Form with PayPal plugin <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation vulnerability

Missing Authorization to Unauthenticated Arbitrary Payment Confirmation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin CP Contact Form with Paypal versions = 1.3.56...

CVE-2013-0182

The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments...

CVE-2024-1175

CVE-2024-1175 affects WP-Recall – Registration, Profile, Commerce & More for WordPress. Red Hat advisory RH:CVE-2024-1175 confirms an unauthenticated data loss vulnerability caused by a missing capability check in the delete_payment function, exploitable on all versions up to 16.26.6. The vulnera...

CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...

CVE-2013-0182

The CVE-2013-0182 issue affects the Drupal contributed module Payment (7.x-1.x) prior to 7.x-1.3. The root cause is improper access control that lets remote attackers read other users’ payments. Impact is information disclosure of payments; Drupal core is not affected. Public details confirm the ...