Lucene search
K

16 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-43149

The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...

5.3CVSS6.1AI score0.0018EPSS
Exploits0References10
NVD
NVD
added 6 days ago8 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-42341 FOSSBilling has an unauthenticated payment bypass via IPN callback forgery

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:28 a.m.29 views

CVE-2026-9189

Product & component : WordPress, Contact Form 7 – PayPal & Stripe Add-on. Vulnerability : Payment Bypass via IPN handling flaw in cf7pp_paypal_ipn_handler where the IPN payload’s mc_gross, mc_currency, or receiver_email aren’t compared against stored order values before passing the attacker-contr...

5.3CVSS5.9AI score0.00204EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

WordPress plugin Slek Gateway for WooCommerce 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.5 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.8 views

WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

Summary The PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions. The newer ipnV2.php and webhook.php handlers correctly deduplicate...

6.5CVSS6.1AI score0.0017EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/02/27 4:16 a.m.8 views

CVE-2026-2428

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disableipnverification defaults to...

7.5CVSS0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/27 3:23 a.m.6 views

CVE-2026-2428 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disableipnverification defaults to...

7.5CVSS5.9AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22290

Name of the Vulnerable Software and Affected Versions Fluent Forms Pro Add On Pack for WordPress versions through 6.1.17 Description The software contains a flaw related to insufficient verification of data authenticity. Specifically, PayPal IPN Instant Payment Notification verification is disabl...

7.5CVSS5.9AI score0.00139EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.13 views

PT-2026-8048

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.0. This is due to the plugin relying on WooCommerce's WC Geolocation::get ip address function to validate IPN requests, which trusts user-controllable...

7.5CVSS5.5AI score0.00281EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.8 views

WordPress plugin BlueSnap Payment Gateway for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/22 9:31 a.m.4 views

EUVD-2025-198532

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00271EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/22 9:31 a.m.6 views

EUVD-2025-198535

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...

5.3CVSS5.6AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/22 7:29 a.m.14 views

CVE-2025-12752 Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...

5.3CVSS0.00152EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/22 7:29 a.m.2 views

CVE-2025-12752 Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...

5.3CVSS5.7AI score0.00152EPSS
Exploits0References3
Rows per page
Query Builder