Lucene search
K

216 matches found

CVE
CVE
added 3 days ago13 views

CVE-2026-11901

Affected software: WordPress WP Hotel Booking plugin (versions ≤ 2.3.1). Vulnerability: Insufficient Verification of Data Authenticity in the PayPal IPN handler (web_hook_process_paypal_standard). The IPN validation endpoint can be chosen from attacker-controlled test_ipn, permitting force-upgrad...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-13039 Eventin 4.0.26 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass via REST API

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-13039

The Eventin plugin for WordPress (versions 4.0.26–4.1.15) has an authorization bypass in payment_complete() via REST API due to insufficient verification of user authorization. Unauthenticated attackers can mark unpaid ticket orders as completed by submitting a fabricated SureCart checkout ID or ...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-11990 KiviCare <= 4.4.0 - Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation via /payment-success REST Endpoint

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00342EPSS
Exploits0References12
Patchstack
Patchstack
added 5 days ago4 views

WordPress KiviCare – Clinic & Patient Management System (EHR) plugin <= 4.4.0 - Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation vulnerability

Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation vulnerability discovered by Niv Kochan in WordPress Plugin KiviCare versions = 4.4.0...

5.3CVSS6.1AI score0.00342EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago9 views

CVE-2026-9027

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS0.00222EPSS
Exploits0References8
CVE
CVE
added 5 days ago10 views

CVE-2026-9027

Summary of the CVE-2026-9027 issue : The CorvusPay WooCommerce Gateway for WordPress (versions up to 2.7.4) is vulnerable to a payment bypass via improper verification of the cryptographic signature. The REST endpoint POST /wp-json/corvuspay/success/ is registered with a permissive permission cal...

5.3CVSS6.2AI score0.00222EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42560

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS6.2AI score0.00222EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-9027

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS6.2AI score0.00222EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-9027 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Improper Verification of Cryptographic Signature to Payment Bypass via /wp-json/corvuspay/success/ REST Endpoint

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS0.00222EPSS
Exploits0References8
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:53 p.m.11 views

CVE-2026-42341

FOSSBilling versions 0.6.0–0.7.2 contain an unauthenticated payment bypass in the IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the client account without a real payment by sending a crafted HTTP request. Version 0.8....

9.2CVSS6AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:53 p.m.36 views

CVE-2026-42341 FOSSBilling has an unauthenticated payment bypass via IPN callback forgery

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:53 p.m.5 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 8:53 p.m.2 views

CVE-2026-42341 FOSSBilling has an unauthenticated payment bypass via IPN callback forgery

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 9:16 a.m.10 views

CVE-2026-1869

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/26 8:28 a.m.7 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass vulnerability

Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.2.0...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/26 7:54 a.m.37 views

CVE-2026-1869

CVE-2026-1869 concerns the WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder.” The vulnerability is caused by missing validation checks in the confirm_payment() function across all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:54 a.m.7 views

CVE-2026-1869

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:54 a.m.35 views

CVE-2026-1869 User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
Rows per page
Query Builder