3 matches found
CVE-2026-5050 Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
Wrong items length assertion in basic order
Lines of code Vulnerability details When fulfilling a basic order we need to assert that the parameter totalOriginalAdditionalRecipients is less or equal than the length of additionalRecipients written in calldata. However in prepareBasicFulfillmentFromCalldata this assertion is incorrect L346: /...
Shopify: deleted staff member can add his amazon marketplace web services account to the store.
Hi , I have found that if a staff member had access to settings for one single time , he can add his amazon marketplace web services account to the store anytime he wants even after he is deleted from the admins which allows him to fulfill orders for the online store using his own inventory store...