Lucene search
K

26 matches found

OSV
OSV
added 2026/07/06 9:53 p.m.3 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:53 p.m.5 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56010

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description An unauthenticated payment bypass exists in the IPN callback endpoint /ipn.php. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the...

9.2CVSS6.1AI score0.00184EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/12 9:31 a.m.10 views

EUVD-2026-29419

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsbhandleslekpaymentredirect function placing the merchant's slekkey and sleksecret API credentials directly into a client-side HTML form, and additionally embedding the...

5.3CVSS5.8AI score0.00251EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:29 a.m.6 views

CVE-2026-5050

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References3
CVE
CVE
added 2026/04/16 5:29 a.m.26 views

CVE-2026-5050

The CVE-2026-5050 entry details a vulnerability in the Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress. Affected versions are up to and including 7.0.0. The root cause is improper verification of cryptographic signatures: successful_request() handlers compute a local signature ...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.15 views

WordPress plugin Payment Gateway for Redsys & WooCommerce Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.7AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.8 views

WordPress plugin Zarinpal Gateway for WooCommerce 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.7CVSS5.8AI score0.00296EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/01/17 8:24 a.m.4 views

CVE-2025-14078

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

5.3CVSS5.4AI score0.00261EPSS
Exploits0References6
CVE
CVE
added 2026/01/17 8:24 a.m.32 views

CVE-2025-14078

CVE-2025-14078 affects the PAYGENT for WooCommerce WordPress plugin (versions up to 2.4.6). The root cause is missing authorization checks in paygent_check_webhook and a paygent_permission_callback that unconditionally returns true, enabling unauthenticated attackers to forge payment callbacks an...

5.3CVSS5.5AI score0.00261EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/17 8:24 a.m.23 views

CVE-2025-14078 PAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

5.3CVSS0.00261EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.11 views

PT-2026-3356

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent check webhook function combined with the paygent permission callback function unconditionally returning...

5.3CVSS5.9AI score0.00261EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/16 11:54 p.m.8 views

WordPress PAYGENT for WooCommerce plugin <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation vulnerability

Missing Authorization to Unauthenticated Payment Callback Manipulation vulnerability discovered by WordFence in WordPress Plugin PAYGENT for WooCommerce versions = 2.4.6...

5.3CVSS7AI score0.00261EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/16 7:15 a.m.9 views

CVE-2026-0939

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

5.3CVSS0.00148EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.9 views

WordPress plugin Rede Itaú for WooCommerce has a vulnerability related to data manipulation.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.7AI score0.00148EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.7 views

CVE-2025-14460

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS5.8AI score0.0036EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.6 views

CVE-2025-14460

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS0.0036EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.4 views

CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS5.5AI score0.0036EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.31 views

CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS0.0036EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 9:21 a.m.18 views

CVE-2025-14460

CVE-2025-14460 affects the Piraeus Bank WooCommerce Payment Gateway for WordPress. The Wordfence entry confirms missing authorization on the payment callback endpoint, allowing unauthenticated attackers to change any order status to “failed” by supplying the MerchantReference (order ID). Versions...

5.3CVSS5.5AI score0.0036EPSS
Exploits0References4
Rows per page
Query Builder