Lucene search

6 matches found

NVD
added 2026/03/26 10:16 p.m., 2 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verify_wechat_sign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

CVSS 8.6, EPSS 0.00016, Exploits 1, References 3
NVD
added 2026/02/14 5:16 a.m., 8 views

CVE-2026-0692

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.4.0. This is due to the plugin relying on WooCommerce's WC_Geolocation::get_ip_address function to validate IPN requests, which trusts user-controllable...

CVSS 7.5, EPSS 0.00116, Exploits 0, References 3
Cvelist
added 2025/11/22 7:29 a.m., 12 views

CVE-2025-13384 CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...

CVSS 7.5, EPSS 0.00191, Exploits 0, References 5
Positive Technologies
added 2025/11/22 12:00 a.m., 4 views

PT-2025-47828

Name of the Vulnerable Software and Affected Versions: CP Contact Form with PayPal plugin for WordPress versions through 1.3.56

Description: The CP Contact Form with PayPal plugin for WordPress is susceptible to unauthorized payment confirmation. The plugin exposes an unauthenticated endpoint via t...

CVSS 7.5, AI score 6.6, EPSS 0.00191, Exploits 0, References 11
NVD
added 2025/11/06 5:15 a.m., 2 views

CVE-2025-11271

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

CVSS 5.3, EPSS 0.00049, Exploits 0, References 4
EUVD
added 2025/11/06 4:36 a.m., 4 views

EUVD-2025-37973

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

CVSS 5.3, AI score 5.8, EPSS 0.00049, Exploits 0, References 5