30 matches found
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
Malicious Package
Overview @google-pay-trust/finish is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-3320 Malicious code in @google-pay-trust/start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16feef8620dbb1f3b6c7c6c67f9f7883438f368a3bfd2c2c591d7f30467e67c4 The package @google-pay-trust/start was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @google-pay-trust/start is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview @google-pay-trust/init-google-pay-result is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...
Malicious Package
Overview @google-pay-trust/authorize-payment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...
Malicious code in @google-pay-trust/start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16feef8620dbb1f3b6c7c6c67f9f7883438f368a3bfd2c2c591d7f30467e67c4 The package @google-pay-trust/start was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @google-pay-trust/cancelled is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-3062 Malicious code in @google-pay-trust/cancelled (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7b08b4a3e94724e2b15686c111c5633ab73daf6f54dbcc7b758b91cfa3797a The package @google-pay-trust/cancelled was found to contain malicious code. Source: ghsa-malware...
Malicious code in @google-pay-trust/cancelled (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7b08b4a3e94724e2b15686c111c5633ab73daf6f54dbcc7b758b91cfa3797a The package @google-pay-trust/cancelled was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3061 Malicious code in @google-pay-trust/authorize-payment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34948be5ad2a3e52a1e1c577dafd82b6711762743bfd51bfd6433e7a780f7e36 The package @google-pay-trust/authorize-payment was found to contain malicious code. Source: ghsa-malware...
Malicious code in @google-pay-trust/authorize-payment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34948be5ad2a3e52a1e1c577dafd82b6711762743bfd51bfd6433e7a780f7e36 The package @google-pay-trust/authorize-payment was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3064 Malicious code in @google-pay-trust/init-google-pay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 155365fdfef6534b365ca7ef2fd9ec698aa3a0af9e1130483658eba525f70e81 The package @google-pay-trust/init-google-pay was found to contain malicious code. Source: ghsa-malware...
Malicious code in @google-pay-trust/init-google-pay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 155365fdfef6534b365ca7ef2fd9ec698aa3a0af9e1130483658eba525f70e81 The package @google-pay-trust/init-google-pay was found to contain malicious code. Source: ghsa-malware...
Malicious code in @google-pay-trust/finish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd69ccad4854f078fe0d815a4f14a1b8ef69fd62704fbf4be49710a2c3926b2 The package @google-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3063 Malicious code in @google-pay-trust/finish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd69ccad4854f078fe0d815a4f14a1b8ef69fd62704fbf4be49710a2c3926b2 The package @google-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-23194
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
CVE-2026-5050
The CVE-2026-5050 entry details a vulnerability in the Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress. Affected versions are up to and including 7.0.0. The root cause is improper verification of cryptographic signatures: successful_request() handlers compute a local signature ...
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...