CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing

Lack of origin authentication CWE-346 at IPN callback processing function allow even unauthorized attacker to remotely replace critical plugin settings merchant id, secret key etc with known to him and therefore bypass payment process eg. spoof order status by manually sending IPN callback reques...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."...