Сrimeware and financial cyberthreats in 2025

Kaspersky's Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware...

WordPress SagePay Direct Payment Gateway Plugin <= 0.1.6.6 - Reflected XSS

This plugin is prone to a reflected cross site scripting vulnerability in pages/3DRedirect.php, pages/3DCallBack.php and pages/3DComplete.php multiple parameter. Solution Update the plugin...

WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DComplete.php Multiple Parameter Reflected XSS

The sagepay-direct-for-woocommerce-payment-gateway WordPress plugin was affected by a pages/3DComplete.php Multiple Parameter Reflected XSS security vulnerability...

CVE-2014-4549

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

CVE-2014-4549

Multiple cross-site scripting XSS vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MD or 2 PARes parameter...

CVE-2014-4549

CVE-2014-4549 affects the WordPress plugin WooCommerce SagePay Direct Payment Gateway (pages/3DComplete.php) with XSS via the (1) MD and (2) PARes parameters. Root cause is reflected HTML/script injection in that PHP page, leading to arbitrary script execution if exploited. Public sources indicat...

WordPress SagePay Direct Payment Gateway Plugin <= 0.1.6.7 - Multiple XSS

Because of these vulnerabilities in pages/3DComplete.php, the attackers to inject arbitrary web script or HTML. Solution Update the plugin...

NETELLER Direct Payment API is not vulnerable to reported parameter manipulation

Overview NETELLER Direct Payment API version 4.1.6 and possibly earlier versions were reported to be vulnerable to parameter manipulation via a modified HTTP POST request. After further analysis and discussion with NETELLER, this report was found to be incorrect. The NETELLER Direct Payment API i...