7 matches found
CVE-2026-5069
The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...
CVE-2026-5069
The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...
CVE-2025-14971 Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation
The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...
WordPress Link Invoice Payment for WooCommerce plugin <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation vulnerability
Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Invoice Payment for WooCommerce versions = 2.8.0...
CS Money: Attacker can generate cancelled transctions in a user's transaction history using only Steam ID
Summary: The API endpoint /create-payment requires only the steam ID of the account to create the payment. When this endpoint is called using the cardpay flow, it returns a transaction ID on the Cardpay system. The attacker can access this transaction, and immediately cancel it or pay it ; , whic...
Threat Outbreak Alert: Fake Canceled Electronic Payment Notification Email Messages on July 12, 2013
Medium Alert ID: 30071 First Published: 2013 July 15 12:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment cancellation notification for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Electronic Payment Cancellation Email Messages on April 8, 2014
Medium Alert ID: 23517 First Published: 2011 June 29 14:00 GMT Last Updated: 2014 April 10 13:53 GMT Version: 80 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an electronic payment cancellation for the recipient. The text in the e-ma...