CVE-2025-12392

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...

CVE-2025-12392 Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...

CVE-2025-12392 Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...

WordPress Cryptocurrency Payment Gateway for WooCommerce plugin <= 2.0.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cryptocurrency Payment Gateway for WooCommerce versions = 2.0.25...

WordPress plugin Cryptocurrency Payment Gateway for WooCommerce 安全漏洞

WordPress Cryptocurrency Payment Gateway for WooCommerce plugin is a virtual currency payment collection plugin designed for WooCommerce e-commerce platform. WordPress Cryptocurrency Payment Gateway for WooCommerce plugin suffers from an unauthorized data modification vulnerability that stems fro...

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi aka Rabotnik, 24, along with his co-conspirators part of the REvil ransomware group...

CVE-2023-32128

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in a...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in a...

CVE-2023-32128

CVE-2023-32128 relates to a SQL Injection in the WordPress plugin “Cryptocurrency Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free” (Adastra Crypto). Affected versions are ≤ 2.2.7; patched in 2.2.8. Multiple sources (Patchstack, Red Hat entry, CVE listing) confirm the...

CVE-2023-32128 WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations Plugin <= 2.2.7 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in a...

WordPress Plugin Cryptocurrency Payment & Donation Box SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

Beware of Big Head Ransomware: Spreading Through Fake Windows Updates

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the...

FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms

The U.S. Department of Justice DoJ on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service DDoS attacks on behalf of other threat actors, effectively lowering the barrier to entry for malicious activity. It also charged six suspects – Jeremi...

BTCPay Server Path Traversal Vulnerability

BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A path traversal vulnerability exists in BTCPay Server version 1.0.7.0 and prior versions, which arises from a failure of a networked system or product to properly filter speci...

BTCPay Server Information Disclosure Vulnerability

BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. An information disclosure vulnerability exists in BTCPay Server versions prior to 1.0.6.0 that stems from a privacy vulnerability when using the payment button. No details of t...

Unspecified Vulnerability in BTCPay Server

BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A security vulnerability exists in BTCPay Server versions prior to 1.0.7.1, which stems from incorrectly handling policy settings that allow users to register. No details of th...