WordPress plugin Eupago Gateway For Woocommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

MAL-2026-4381 Malicious code in @digicroz/typed-api-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32c8c3e9ffd3f994b21011084101df521e232c2ee5dbe93fd51f36977549f2dc The exported paymentGateways.pay0Pg.createOrder API does not call pay0.shop directly. Instead, dist/index.js hardcodes a base URL of...

Malicious code in @digicroz/typed-api-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32c8c3e9ffd3f994b21011084101df521e232c2ee5dbe93fd51f36977549f2dc The exported paymentGateways.pay0Pg.createOrder API does not call pay0.shop directly. Instead, dist/index.js hardcodes a base URL of...

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

PT-2026-39974

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb handle slek payment redirect function placing the merchant's slek key and slek secret API credentials directly into a client-side HTML form, and additionally embeddin...

WordPress plugin Slek Gateway for WooCommerce 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2026-27520

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...

Malicious Package

Overview @apple-pay-trust/validate-merchant is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview @apple-pay-trust/merchant-session is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious code in @apple-pay-trust/merchant-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 923c69f651ada0a2a6e4033304213ed069036ecf60291ba062fff36b1253d48f The package @apple-pay-trust/merchant-session was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3053 Malicious code in @apple-pay-trust/merchant-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 923c69f651ada0a2a6e4033304213ed069036ecf60291ba062fff36b1253d48f The package @apple-pay-trust/merchant-session was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3055 Malicious code in @apple-pay-trust/validate-merchant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04e899c9f267696289778cbf0c2c4f8da289e47bb3bce95ffa4fa4e3fe290722 The package @apple-pay-trust/validate-merchant was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/validate-merchant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04e899c9f267696289778cbf0c2c4f8da289e47bb3bce95ffa4fa4e3fe290722 The package @apple-pay-trust/validate-merchant was found to contain malicious code. Source: ghsa-malware...

GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

Malicious Package

Overview revolut-merchant-widget is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious code in merchant-rps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e16d7a1d2277acd9102268accb99bf0054cf39ee5141d0380f920fedcc8e59 The package merchant-rps was found to contain malicious code...

MAL-2026-2371 Malicious code in merchant-rps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e16d7a1d2277acd9102268accb99bf0054cf39ee5141d0380f920fedcc8e59 The package merchant-rps was found to contain malicious code...

MAL-2026-1481 Malicious code in revolut-merchant-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be3c58d0da88dbc307fda899df07f7e6badfcba4ccb5f98ce68e1daef3caa8c7 The package revolut-merchant-widget was found to contain malicious code. Source: ghsa-malware...

Malicious code in revolut-merchant-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be3c58d0da88dbc307fda899df07f7e6badfcba4ccb5f98ce68e1daef3caa8c7 The package revolut-merchant-widget was found to contain malicious code. Source: ghsa-malware...

CVE-2025-15482

The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapaproceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including t...