
21 matches found

RedhatCVE
added 2026/04/07 11:1 p.m., 3 views

CVE-2026-35448

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

CVSS 3.7, AI score 5.9, EPSS 0.00019
Exploits: 1, References: 1

NVD
added 2026/04/06 10:16 p.m., 1 view

CVE-2026-35448

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

CVSS 3.7, EPSS 0.00019
Exploits: 1, References: 1

Cvelist
added 2026/04/06 9:45 p.m., 12 views

CVE-2026-35448 WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

CVSS 3.7, EPSS 0.00019
Exploits: 1, References: 1

CVE
added 2026/04/06 9:45 p.m., 9 views

CVE-2026-35448

CVE-2026-35448 / GHSA-3V7M-QG4X-58H9: The BlockonomicsYPT integration in AVideo exposes an unauthenticated check.php endpoint that returns payment order data for any Bitcoin address without requiring login or access control. The endpoint accepts an addr parameter and returns fields such as id, u...

CVSS 3.7, AI score 5.9, EPSS 0.00019
Exploits: 1, References: 1, Affected Software: 1

Github Security Blog
added 2026/04/04 6:15 a.m., 5 views

AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

Summary: The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...

CVSS 3.7, AI score 5.9, EPSS 0.00019
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/04/04 6:15 a.m., 2 views

GHSA-3V7M-QG4X-58H9 AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

Summary: The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...

CVSS 3.7, AI score 5.9, EPSS 0.00019
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-49920

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.3, EPSS 0.004
Exploits: 0, References: 1

RedhatCVE
added 2025/02/06 12:10 a.m., 4 views

CVE-2022-47145

Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...

CVSS 7.1, AI score 5.8, EPSS 0.004
Exploits: 0

NVD
added 2023/03/23 5:15 p.m., 13 views

CVE-2022-47145

Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...

CVSS 7.1, AI score 6.3, EPSS 0.004
Exploits: 0, References: 1

OSV
added 2023/03/23 5:15 p.m., 3 views

CVE-2022-47145

Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 1

Prion
added 2023/03/23 5:15 p.m., 8 views

Cross site scripting

Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...

CVSS 5.8, AI score 6, EPSS 0.004
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/03/23 4:3 p.m., 12 views

CVE-2022-47145 WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...

CVSS 7.1, AI score 6.3, EPSS 0.004
Exploits: 0, References: 1

Vulnrichment
added 2023/03/23 4:3 p.m., 6 views

CVE-2022-47145 WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions...

CVSS 7.1, AI score 6.2, EPSS 0.004
Exploits: 0, References: 1

CVE
added 2023/03/23 4:3 p.m., 52 views

CVE-2022-47145

CVE-2022-47145 affects Blockonomics WordPress Bitcoin Payments by Blockonomics plugin versions

CVSS 7.1, AI score 6, EPSS 0.004
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2023/03/23 12:0 a.m., 2 views

PT-2023-15191 · Blockonomics · Blockonomics Wordpress Bitcoin Payments

Name of the Vulnerable Software and Affected Versions: Blockonomics WordPress Bitcoin Payments – Blockonomics plugin versions <= 3.5.7. Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially...

CVSS 7.1, AI score 6, EPSS 0.004
Exploits: 0, References: 4

CNNVD
added 2023/03/23 12:0 a.m., 2 views

WordPress Plugin Bitcoin Payments – Blockonomics cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability previously existed ...

CVSS 7.1, AI score 5.9, EPSS 0.004
Exploits: 0, References: 2

Patchstack
added 2023/02/14 12:0 a.m., 6 views

WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Software: Blockonomics; Type: Plugin; Vulnerable versions: <= 3.5.7; Fixed in: 3.5.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47145; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 1d48ea18b387; Credits: Team WeBoB; Required...

CVSS 7.1, AI score 5.7, EPSS 0.004
Exploits: 0, References: 2, Affected Software: 1

WPVulnDB
added 2023/01/03 12:0 a.m., 14 views

Blockonomics < 3.5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the filterby parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, AI score 5.9, EPSS 0.004
Exploits: 0, Affected Software: 1

Patchstack
added 2023/01/03 12:0 a.m., 5 views

WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Software: Blockonomics; Type: Plugin; Vulnerable versions: <= 3.5.7; Fixed in: 3.5.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: a483f702894f; Credits: N/A; Required privilege...

AI score 5.9
Exploits: 0, References: 2, Affected Software: 1

wpexploit
added 2021/06/01 12:0 a.m., 368 views

WordPress Bitcoin Payments - Blockonomics < 3.3 - Reflected Cross-Site Scripting (XSS)

The plugin does not properly sanitise its filter action when viewing Orders before outputting it back in an attribute, leading to a reflected Cross-Site Scripting vulnerability. v alert/XSS/...

AI score 0.7
Exploits: 0, References: 1