85 matches found
CVE-2025-46487
CVE-2025-46487 is a Reflected Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin EC Authorize.net . The affected range is shown as “n/a through 0.3.3” (i.e., versions up to and including 0.3.3). The root cause, per the description, is improper neutralization of input during web page...
CVE-2024-2382
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...
WordPress plugin EC Authorize.net 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2012-5807
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2015-9365
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2025-23804
Cross-Site Request Forgery CSRF vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net wp-service-payment-form-with-authorizenet allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through = 2.6.0...
CVE-2025-23804 WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net wp-service-payment-form-with-authorizenet allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through = 2.6.0...
WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Service Payment Form With Authorize.net versions = 2.6.0...
WordPress plugin WP Service Payment Form With Authorize.net 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-12250 Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure
The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in...
CVE-2024-12258
CVE-2024-12258 — The WordPress plugin WP Service Payment Form With Authorize.net is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to 2.6.3 due to insufficient input sanitization and output escaping. The issue permits unauthenticated attackers to inject mal...
PT-2024-17512 · WordPress · Wp Service Payment Form With Authorize.Net
Name of the Vulnerable Software and Affected Versions: WP Service Payment Form With Authorize.net plugin for WordPress versions prior to 2.6.3 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-11362 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it...
CVE-2024-11362 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it...
CVE-2024-2382
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...
CVE-2024-2382 Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...
WordPress Authorize.net Payment Gateway For WooCommerce Plugin <= 8.0 is vulnerable to Broken Access Control
Software Authorize.net Payment Gateway For WooCommerce Type Plugin Vulnerable versions = 8.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2382 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8eba1ac96b04 Credits Luci...
Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass
Description The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possib...
WordPress Authorize.Net Payment Gateway For WooCommerce Plugin < 6.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Authorize.Net Payment Gateway For WooCommerce Type Plugin Vulnerable versions 6.0.4 Fixed in 6.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d6e190843d57 Credits Rafi...
WordPress Authorize.Net Payment Gateway For WooCommerce plugin < 5.1.27 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Authorize.Net Payment Gateway For WooCommerce plugin versions 5.1.27. Solution Update the WordPress Authorize.Net Payment Gateway For WooCommerce plugin to the latest available version at least 5.1.27...