Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-15565

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS5.5AI score0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:29 a.m.6 views

CVE-2026-5050

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/15 12:31 a.m.4 views

EUVD-2025-209461

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:26 p.m.3 views

CVE-2025-15565

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

WordPress plugin Nexi XPay 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2026/02/04 9:15 a.m.7 views

CVE-2025-14461

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

5.3CVSS0.00345EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.4 views

CVE-2025-12883

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for...

5.3CVSS6.1AI score0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:31 a.m.3 views

EUVD-2025-203004

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for...

5.3CVSS5.7AI score0.00314EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 3:20 a.m.14 views

CVE-2025-12883

CVE-2025-12883 – The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to an unauthenticated payment bypass in all versions up to 1.2.2. The issue arises from improper validation that a transaction occurred through the gateway, enabling unauthenticated attackers to bypass paym...

5.3CVSS5.8AI score0.00314EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.4 views

PT-2025-50811

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for...

5.3CVSS6.1AI score0.00314EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.11 views

CVE-2025-11890 Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...

7.5CVSS0.00273EPSS
Exploits0References2
Rows per page
Query Builder