3 matches found
PT-2026-55495
Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions prior to 9.2.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique where malicious...
CVE-2025-12903
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...
CVE-2025-12903 Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...