35 matches found

Positive Technologies
added 2026/05/29 12:0 a.m., 5 views

PT-2026-44772

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pp paypal ipn handler correctly validates IPN authenticity by posting back to PayPal with cm...

CVSS 5.3, AI score 5.9, EPSS 0.00044
Exploits 0, References 9
CVE
added 2026/04/17 3:36 a.m., 10 views

CVE-2026-5234

The LatePoint WordPress plugin (versions

CVSS 5.3, AI score 5.8, EPSS 0.00119
Exploits 0, References 10
NVD
added 2026/04/15 9:16 a.m., 1 views

CVE-2026-1782

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7. This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric...

CVSS 5.3, EPSS 0.00072
Exploits 0, References 2
Patchstack
added 2026/04/15 4:10 a.m., 2 views

WordPress MetForm Pro plugin <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability

Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability discovered by andrea bocchetti in WordPress Plugin MetForm Pro versions <= 3.9.7...

CVSS 5.3, AI score 5.8, EPSS 0.00072
Exploits 0, References 1, Affected Software 1
NVD
added 2026/03/28 2:16 a.m., 1 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

CVSS 7.5, EPSS 0.00144
Exploits 0, References 2
ATTACKERKB
added 2026/03/28 1:25 a.m., 2 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

CVSS 7.5, AI score 5.9, EPSS 0.00144
Exploits 0, References 3
Cvelist
added 2026/03/28 1:25 a.m., 31 views

CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

CVSS 7.5, EPSS 0.00144
Exploits 0, References 2
NVD
added 2026/03/13 7:54 p.m., 1 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $_POST data with attacker-controlled JSON input and then...

CVSS 5.3, EPSS 0.00026
Exploits 0, References 5
ATTACKERKB
added 2026/03/13 8:25 a.m., 1 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $_POST data with attacker-controlled JSON input and then...

CVSS 5.3, AI score 5.8, EPSS 0.00026
Exploits 0, References 6
CNNVD
added 2026/03/13 12:0 a.m., 2 views

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3, AI score 5.8, EPSS 0.00026
Exploits 0, References 5
Wired Threat Level
added 2025/10/22 8:31 p.m., 3 views

No, ICE (Probably) Didn’t Buy Guided Missile Warheads

A federal contracting database lists an ICE payment for $61,218 with the payment code for “guided missile warheads and explosive components.” But it appears ICE simply entered the wrong code...

AI score 7.2
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-18449

Malware in sbrugna...

CVSS 6.5, AI score 6.6, EPSS 0.00193
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-18451

Malware in sbrugna...

CVSS 6.5, AI score 6.6, EPSS 0.00193
Exploits 1, References 2
Snyk
added 2025/03/19 4:42 p.m., 3 views

External Control of Assumed-Immutable Web Parameter

Overview: sylius/paypal-plugin is a PayPal plugin for Sylius. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter. The user-input payment amount is not adequately confirmed to be the same between payment completion and order authorization, in...

CVSS 7.1, AI score 6.9, EPSS 0.00324
Exploits 0, References 2
NVD
added 2025/03/17 2:15 p.m., 8 views

CVE-2025-29788

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

CVSS 6.5, EPSS 0.0064
Exploits 0, References 6
Snyk
added 2025/03/17 1:47 p.m., 1 views

External Control of Assumed-Immutable Web Parameter

Overview: sylius/paypal-plugin is a PayPal plugin for Sylius. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter. The user-input payment amount is not adequately confirmed to be the same between initial entry and payment completion, in...

CVSS 7.1, AI score 6.9, EPSS 0.0064
Exploits 0, References 2
Vulnrichment
added 2025/03/17 1:25 p.m., 6 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

CVSS 6.5, AI score 6.2, EPSS 0.0064
Exploits 0, References 6
Cvelist
added 2025/03/17 1:25 p.m., 9 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

CVSS 6.5, EPSS 0.0064
Exploits 0, References 6
CNNVD
added 2025/03/17 12:0 a.m., 1 views

PayPal Plugin security vulnerability

PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.1, prior to 1.7.1, and prior to 2.0.1, which stems from payment amount manipulation and could lead to fraud...

CVSS 6.5, AI score 6.3, EPSS 0.0064
Exploits 0, References 7
CVE
added 2025/03/10 12:0 a.m., 62 views

CVE-2025-25382

CVE-2025-25382 affects Information Kerala Mission SANCHAYA v3.0.4 (Property Tax Payment Portal). A crafted request allows an attacker to arbitrarily modify payment amounts. The exact root cause is not explicitly detailed in the provided documents. Reported remediation suggestions include restrict...

CVSS 7.5, AI score 6.9, EPSS 0.0019
Exploits 1, References 2, Affected Software 1