CVE-2025-14971 Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

CS Money: Attacker can generate cancelled transctions in a user's transaction history using only Steam ID

Summary: The API endpoint /create-payment requires only the steam ID of the account to create the payment. When this endpoint is called using the cardpay flow, it returns a transaction ID on the Cardpay system. The attacker can access this transaction, and immediately cancel it or pay it ; , whic...

Threat Outbreak Alert: Fake Canceled Electronic Payment Notification Email Messages on July 12, 2013

Medium Alert ID: 30071 First Published: 2013 July 15 12:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment cancellation notification for the recipient. The text in the email message attempts to convince the...