EUVD-2026-39958

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2026-49070 WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...

WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Averon Averenkov in WordPress Plugin Knit Pay versions = 9.4.0.0...

CVE-2026-32587

CVE-2026-32587 describes a Missing Authorization vulnerability in the WordPress plugin WP Easy Pay – Payment and Donation form Builder for Square . Affected range: WP Easy Pay versions from unknown start up to and including 4.2.11 . Root cause per description: access control misconfiguration that...

EUVD-2019-15571

Malware in sbrugna...

EUVD-2020-20683

Malware in sbrugna...

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor...

CVE-2019-6003

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-20985

The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec...

CVE-2025-23543 WordPress FOMO Pay Chinese Payment Solution plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fomopay FOMO Pay Chinese Payment Solution fomo-payment-gateway-for-woocommerce allows Reflected XSS.This issue affects FOMO Pay Chinese Payment Solution: from n/a through = 2.0.4...

CVE-2025-23543 WordPress FOMO Pay Chinese Payment Solution plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound FOMO Pay Chinese Payment Solution allows Reflected XSS. This issue affects FOMO Pay Chinese Payment Solution: from n/a through 2.0.4...

WordPress 워드프레스 결제 심플페이 Plugin <= 5.1.4 is vulnerable to Cross Site Scripting (XSS)

Software 워드프레스 결제 심플페이 Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11228 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e3d63a499890 Credits Peter Thaleikis Required...

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor...

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor...

Amazon Pay Plugin Information Disclosure Vulnerability

Amazon Pay Plugin is an online payment plugin from Amazon.com, Inc. Amazon Pay Plugin before 9.4.2 suffers from an information disclosure vulnerability that originates from exposing sensitive information for Shopware...

CVE-2019-6003

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-6003

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-6003

CVE-2019-6003 is a cross-site scripting vulnerability in EC-CUBE's Amazon Pay Plugin (versions 2.4.2 and earlier, plugin 2.12/2.13). The root cause is improper handling of user-controlled input (CWE-79), allowing an attacker to inject arbitrary web script or HTML via unspecified vectors. Impact, ...

CVE-2019-6003

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

WordPress wp-payeezy-pay plugin input validation error vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. wp-payeezy-pay is an online secure payment form plugin used in it. An input validation error vulnerability...