12 matches found
EUVD-2026-29408
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
CVE-2026-6709
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
CVE-2026-6709
CVE-2026-6709 affects the WordPress plugin Coinbase Commerce for Contact Form 7 in versions up to and including 1.1.2. Root cause: missing capability check and nonce verification in the save_settings() function registered on the admin_post_cccf7_save_settings hook. Impact: authenticated attackers...
CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
PT-2026-39963
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the save settings function, which is registered on the admin post cccf7 save...
WordPress plugin Coinbase Commerce for Contact Form 7 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress Coinbase Commerce for Contact Form 7 plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification vulnerability
Missing Authorization to Authenticated Subscriber+ API Key Modification vulnerability discovered by Legion Hunter in WordPress Plugin Coinbase Commerce for Contact Form 7 versions = 1.1.2...
CVE-2026-25396 WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...
Malicious code in webhook-example-coinbase-commerce-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caf969b51a297b05f640bf97cc7a17661d904a676086486f87b2d3241a30e431 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1196 Malicious code in webhook-example-coinbase-commerce-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caf969b51a297b05f640bf97cc7a17661d904a676086486f87b2d3241a30e431 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Coinbase Commerce for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Coinbase Commerce for Contact Form 7 Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3aedb19051d2 Credits Rafie...