Lucene search
+L

19 matches found

NVD
NVD
added 2026/06/27 8:16 a.m.11 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS0.00276EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.9 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References6
CVE
CVE
added 2026/06/27 6:50 a.m.19 views

CVE-2026-3462

CVE-2026-3462 affects the Frisbii Pay plugin for WordPress (all versions up to 1.8.9). The vulnerability arises from missing capability checks on upload_csv and process_batch, enabling authenticated attackers with Subscriber-level access or higher to modify data by uploading arbitrary CSVs and ov...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.42 views

CVE-2026-3462 Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS0.00276EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53057

Name of the Vulnerable Software and Affected Versions Frisbii Pay versions prior to 1.9.0 Description Authenticated users with Subscriber-level access and above can perform unauthorized modification of data. This is caused by missing capability checks in the upload csv and process batch functions...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References10
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56038

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56038 WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-56038

The CVE-2026-56038 entry concerns the WordPress Frisbii Pay plugin, affected on versions ≤ 1.8.2. The connected documents identify a privilege-escalation issue titled “Contributor Privilege Escalation,” indicating an attacker with low access could elevate to contributor privileges. The root cause...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39700

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/24 2:24 p.m.5 views

WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions = 1.8.2...

8.8CVSS5.8AI score0.00232EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26550

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/05 3:22 p.m.5 views

CVE-2025-58616

Missing Authorization vulnerability in Frisbii Frisbii Pay reepay-checkout-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frisbii Pay: from n/a through = 1.8.2.1...

6.5CVSS5.9AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2025/09/03 3:15 p.m.11 views

CVE-2025-58616

Missing Authorization vulnerability in Frisbii Frisbii Pay reepay-checkout-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frisbii Pay: from n/a through = 1.8.2.1...

6.5CVSS0.00308EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/03 3:9 p.m.4 views

WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions = 1.8.2.1...

6.5CVSS6.7AI score0.00308EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/09/03 2:36 p.m.15 views

CVE-2025-58616

CVE-2025-58616 concerns the WordPress Frisbii Pay plugin (versions up to 1.8.2.1) with a Missing Authorization / Broken Access Control vulnerability. The issue arises from incorrectly configured access control, enabling unauthorized actions. CVSS v3.1 base score 6.5 (Network, Low attack complexit...

6.5CVSS5.9AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/03 2:36 p.m.4 views

CVE-2025-58616 WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Frisbii Frisbii Pay reepay-checkout-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frisbii Pay: from n/a through = 1.8.2.1...

6.5CVSS5.9AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/03 2:36 p.m.14 views

CVE-2025-58616 WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Frisbii Frisbii Pay reepay-checkout-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frisbii Pay: from n/a through = 1.8.2.1...

6.5CVSS0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.2 views

WordPress plugin Frisbii Pay 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

6.5CVSS6.5AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.12 views

PT-2025-35750

Name of the Vulnerable Software and Affected Versions: Frisbii Pay versions through 1.8.2.1 Description: A missing authorization issue exists in Frisbii Pay, allowing exploitation due to incorrectly configured access control security levels. Recommendations: At the moment, there is no information...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References3
Rows per page
Query Builder