Lucene search
K

7 matches found

NVD
NVD
added 11 hours ago4 views

CVE-2026-5069

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 13 hours ago3 views

CVE-2026-5069

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS5.9AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/27 6:44 a.m.4 views

CVE-2025-14971 Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/27 2:50 a.m.8 views

WordPress Link Invoice Payment for WooCommerce plugin <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation vulnerability

Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Invoice Payment for WooCommerce versions = 2.8.0...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2020/10/29 2:20 p.m.22 views

CS Money: Attacker can generate cancelled transctions in a user's transaction history using only Steam ID

Summary: The API endpoint /create-payment requires only the steam ID of the account to create the payment. When this endpoint is called using the cardpay flow, it returns a transaction ID on the Cardpay system. The attacker can access this transaction, and immediately cancel it or pay it ; , whic...

0.5AI score
Exploits0
Cisco Threats
Cisco Threats
added 2013/07/15 12:46 p.m.10 views

Threat Outbreak Alert: Fake Canceled Electronic Payment Notification Email Messages on July 12, 2013

Medium Alert ID: 30071 First Published: 2013 July 15 12:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment cancellation notification for the recipient. The text in the email message attempts to convince the...

1AI score
Exploits0
Cisco Threats
Cisco Threats
added 2011/06/29 2:0 p.m.20 views

Threat Outbreak Alert: Fake Electronic Payment Cancellation Email Messages on April 8, 2014

Medium Alert ID: 23517 First Published: 2011 June 29 14:00 GMT Last Updated: 2014 April 10 13:53 GMT Version: 80 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an electronic payment cancellation for the recipient. The text in the e-ma...

0.1AI score
Exploits0
Rows per page
Query Builder