6 matches found
CVE-2026-3208 Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...
Malicious code in demo-mercadopago-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a777ccccffbf142e34b0081be4681c4ffcb72aa584b99d15bfd58878e6085881 The OpenSSF Package Analysis project identified 'demo-mercadopago-mcp-server' @ 99.0.3 npm as malicious. It is considered malicious because: - T...
EUVD-2025-35680
Malicious code in demo-mercadopago-mcp-server npm...
MAL-2025-48558 Malicious code in demo-mercadopago-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a777ccccffbf142e34b0081be4681c4ffcb72aa584b99d15bfd58878e6085881 The OpenSSF Package Analysis project identified 'demo-mercadopago-mcp-server' @ 99.0.3 npm as malicious. It is considered malicious because: - T...
MercadoLibre: Stored Cross-Site Scripting in mercadopago.com.ar
The summary is as follows: A stored cross-site scripting vulnerability was discovered in mercadopago.com.ar. The issue was acknowledged and addressed by MercadoLibre internally...
MercadoPago Android App Information Disclosure
Advisory ID Internal CORE-2014-0011 1. Advisory Information Title: MercadoPago Android App Information Disclosure Advisory ID: CORE-2014-0011 Date published: 2014-12-19 Date of last update: 2014-12-17 Vendors contacted: Mercadolibre Release mode: Coordinated release 2. Vulnerability Information...