2 matches found
PT-2026-49633
Name of the Vulnerable Software and Affected Versions WooCommerce Stripe Payment Gateway versions prior to 10.7.1 Description The plugin is subject to unauthorized data modification because the ajax pay for order function lacks a capability check. Specifically, the wc stripe pay for order WC-AJAX...
CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...