Lucene search
K

14 matches found

Cvelist
Cvelist
added 2026/04/15 8:28 a.m.37 views

CVE-2026-3461 Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email

The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...

9.8CVSS0.00475EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2026/01/07 12:19 p.m.5 views

One million customers on alert as extortion group claims massive Brightspeed data haul

US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information PII, as well as account and billing details...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/07 8:34 a.m.5 views

Discord warns users after data stolen in third-party breach

Popular social platform Discord has suffered a data breach—though technically, it wasn’t Discord itself that was hacked. A third-party customer support provider was compromised, allowing attackers to access Discord’s user data. Either way, it’s Discord users who feel the impact. The breach, which...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8536

Malware in sbrugna...

6.1CVSS6.2AI score0.01628EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.9 views

CVE-2023-6966

The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...

8.1CVSS5.9AI score0.00394EPSS
Exploits0References1
CVE
CVE
added 2024/06/06 2:2 a.m.61 views

CVE-2023-6966

The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...

8.1CVSS5.9AI score0.00394EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.7 views

PT-2024-15150 · WordPress · The Moneytizer

Name of the Vulnerable Software and Affected Versions: The Moneytizer plugin for WordPress versions up to, and including, 9.5.20 Description: The issue is due to missing or incorrect nonce validation on multiple AJAX functions, making it possible for unauthenticated attackers to update and retrie...

8.1CVSS6.8AI score0.00196EPSS
Exploits0References9
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.12 views

The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions

Description The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.5.20. This makes it possible...

8.1CVSS6.4AI score0.00394EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/07/24 12:0 a.m.19 views

WooCommerce Subscriptions < 2.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

An unauthenticated user could put XSS payload in their billing details when subscribing, which will then be executed in the admin dashboard when moused over...

4.3CVSS1.9AI score0.01628EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/07/23 8:15 p.m.5 views

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

6.1CVSS6AI score0.01628EPSS
Exploits1References3
NVD
NVD
added 2020/07/23 8:15 p.m.21 views

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

6.1CVSS6.4AI score0.01628EPSS
Exploits1References3
Prion
Prion
added 2020/07/23 8:15 p.m.13 views

Cross site scripting

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

4.3CVSS6.4AI score0.01628EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/07/23 7:42 p.m.30 views

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

6.4AI score0.01628EPSS
Exploits1References3
exploitpack
exploitpack
added 2011/08/05 12:0 a.m.12 views

WordPress Plugin E-Commerce 3.8.4 - SQL Injection

WordPress Plugin E-Commerce 3.8.4 - SQL Injection Exploit Title: WP E-commerce plugin $value $formsql = "SELECT FROM " . WPSCTABLECHECKOUTFORMS . " WHERE id = '$valueid' LIMIT 1"; $formdata = $wpdb-getrow $formsql, ARRAYA ; FIX: Upgrade to version 3.8.5 Bug found by: IHTeam For GetShopped as thei...

0.5AI score
Exploits0
Rows per page
Query Builder