
17 matches found

Vulnrichment
added last week, 5 views

CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

CVSS 5.3 | AI score 5.9 | EPSS 0.00044
Exploits: 0 | References: 8

NVD
added 2026/04/16 6:16 a.m., 1 view

CVE-2026-5050

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...

CVSS 7.5 | EPSS 0.00017
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/17 4:35 a.m., 4 views

CVE-2026-2592

The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'ReturnfromZarinPalGateway' failing to validate that the authority token provided in...

CVSS 7.7 | AI score 5.5 | EPSS 0.00135
Exploits: 0 | References: 8

Vulnrichment
added 2026/01/07 6:36 a.m., 3 views

CVE-2026-0656 iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

CVSS 8.2 | AI score 5.7 | EPSS 0.00316
Exploits: 0 | References: 3

Cvelist
added 2026/01/07 6:36 a.m., 22 views

CVE-2026-0656 iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

CVSS 8.2 | EPSS 0.00316
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/25 9:2 p.m., 1 view

CVE-2025-15087 youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper...

CVSS 5.3 | AI score 5.6 | EPSS 0.00043
Exploits: 1 | References: 4

Cvelist
added 2025/12/25 9:2 p.m., 20 views

CVE-2025-15087 youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper...

CVSS 5.3 | EPSS 0.00043
Exploits: 1 | References: 4

NVD
added 2025/12/25 7:15 p.m., 2 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

CVSS 3.1 | EPSS 0.00043
Exploits: 1 | References: 4

CNNVD
added 2025/12/25 12:0 a.m., 1 view

youlai-mall access control error vulnerability

youlai-mall is an open-source full-stack mall system by youlaitech. youlai-mall versions 1.0.0 and 2.0.0 have an access control error vulnerability, which stems from the Order Payment Handler component file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/ The functio...

CVSS 3.1 | AI score 4.3 | EPSS 0.00043
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/25 12:0 a.m., 3 views

PT-2025-53407

Name of the Vulnerable Software and Affected Versions: youlaitech youlai-mall versions 1.0.0 through 2.0.0. Description: An issue exists in youlaitech youlai-mall that relates to improper access controls. The affected component is the Order Payment Handler, specifically within the...

CVSS 3.1 | AI score 6 | EPSS 0.00043
Exploits: 1 | References: 10

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2015-4391

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00309
Exploits: 0 | References: 5

OSV
added 2025/05/25 12:15 a.m., 1 view

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 | AI score 4.4
Exploits: 0 | References: 4

CNNVD
added 2025/05/25 12:0 a.m., 2 views

Tmall_demo security feature issue vulnerability

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A security feature issue vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from insufficient random values in the file /tmall/order/pay/...

CVSS 6.3 | AI score 4.7 | EPSS 0.00234
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 7:22 a.m., 3 views

CVE-2024-2382

The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates an order's payment status. This makes it possible for...

CVSS 5.3 | AI score 6.8 | EPSS 0.00105
Exploits: 0 | References: 1

Veracode
added 2021/04/14 4:54 a.m., 11 views

Insecure Transaction Verification

shopware/core does not perform secure transaction verification. An attacker is able to manipulate the order payment process...

AI score 3
Exploits: 0

Hacker One
added 2019/10/03 4:11 a.m., 26 views

Razer: [pay.gold.razer.com] Stored XSS - Order payment

The tester discovered that the pay.gold.razer.com site suffered from a Stored XSS issue that could be used to steal a client id and key. The tester worked with the team to provide multiple POCs to help them resolve the issue. Razer appreciates all the assistance from corraldev, which was above and...

AI score 1.1
Exploits: 0

Cisco Threats
added 2014/05/28 4:20 p.m., 11 views

Threat Outbreak Alert: Email Messages with Malicious Attachments on May 28, 2014

Medium. Alert ID: 34390. First Published: 2014 May 28 16:20 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages that contain an attachment relating to a purchase order payment for the recipient. The email message attempts to convince the recipient ...

AI score 0.3
Exploits: 0