Lucene search
K

85 matches found

CVE
CVE
added 2025/05/23 12:43 p.m.56 views

CVE-2025-46487

CVE-2025-46487 is a Reflected Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin EC Authorize.net . The affected range is shown as “n/a through 0.3.3” (i.e., versions up to and including 0.3.3). The root cause, per the description, is improper neutralization of input during web page...

7.1CVSS7.2AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:22 a.m.14 views

CVE-2024-2382

The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...

5.3CVSS6.8AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.5 views

WordPress plugin EC Authorize.net 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7AI score0.00228EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 a.m.10 views

CVE-2012-5807

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.9AI score0.00566EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:14 a.m.9 views

CVE-2015-9365

Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via addqueryarg and removequeryarg...

6.1CVSS6AI score0.0095EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 9:15 p.m.4 views

CVE-2025-23804

Cross-Site Request Forgery CSRF vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net wp-service-payment-form-with-authorizenet allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through = 2.6.0...

7.1CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/16 8:7 p.m.15 views

CVE-2025-23804 WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net wp-service-payment-form-with-authorizenet allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through = 2.6.0...

7.1CVSS0.00197EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.3 views

WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Service Payment Form With Authorize.net versions = 2.6.0...

7.1CVSS6.1AI score0.00197EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.3 views

WordPress plugin WP Service Payment Form With Authorize.net 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

7.1CVSS8.2AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/18 3:22 a.m.18 views

CVE-2024-12250 Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure

The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in...

5.3CVSS0.00367EPSS
Exploits0References2
CVE
CVE
added 2024/12/12 3:23 a.m.47 views

CVE-2024-12258

CVE-2024-12258 — The WordPress plugin WP Service Payment Form With Authorize.net is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to 2.6.3 due to insufficient input sanitization and output escaping. The issue permits unauthenticated attackers to inject mal...

6.1CVSS6AI score0.00424EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.6 views

PT-2024-17512 · WordPress · Wp Service Payment Form With Authorize.Net

Name of the Vulnerable Software and Affected Versions: WP Service Payment Form With Authorize.net plugin for WordPress versions prior to 2.6.3 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS7.5AI score0.00424EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/23 3:25 a.m.25 views

CVE-2024-11362 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it...

6.1CVSS0.00437EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/23 3:25 a.m.12 views

CVE-2024-11362 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it...

6.1CVSS6.4AI score0.00437EPSS
Exploits0References3
NVD
NVD
added 2024/06/04 6:15 a.m.29 views

CVE-2024-2382

The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...

5.3CVSS5.2AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/04 5:32 a.m.51 views

CVE-2024-2382 Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass

The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...

5.3CVSS5.2AI score0.00206EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/04 12:0 a.m.8 views

WordPress Authorize.net Payment Gateway For WooCommerce Plugin <= 8.0 is vulnerable to Broken Access Control

Software Authorize.net Payment Gateway For WooCommerce Type Plugin Vulnerable versions = 8.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2382 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8eba1ac96b04 Credits Luci...

5.3CVSS6.6AI score0.00206EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/03 12:0 a.m.15 views

Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass

Description The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possib...

5.3CVSS6.8AI score0.00206EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.9 views

WordPress Authorize.Net Payment Gateway For WooCommerce Plugin < 6.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Authorize.Net Payment Gateway For WooCommerce Type Plugin Vulnerable versions 6.0.4 Fixed in 6.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d6e190843d57 Credits Rafi...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress Authorize.Net Payment Gateway For WooCommerce plugin < 5.1.27 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Authorize.Net Payment Gateway For WooCommerce plugin versions 5.1.27. Solution Update the WordPress Authorize.Net Payment Gateway For WooCommerce plugin to the latest available version at least 5.1.27...

2.7AI score
Exploits0References2Affected Software1
Rows per page
Query Builder