46 matches found

Snyk
added 2026/03/30 6:8 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the plugin parameter in plugin/YPTWallet/plugins/YPTWalletStripe/confirmButton.php. An attacker can execute arbitrary JavaScript in a...

CVSS 9.3 | AI score 5.8 | EPSS 0.00021
Exploits: 1 | References: 2
The Hacker News
added 2025/12/15 9:24 a.m. | 9 views

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primari...

AI score 7.1
Exploits: 0
Vulnrichment
added 2025/11/22 7:29 a.m. | 3 views

CVE-2025-13384 CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...

CVSS 7.5 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 5
Cvelist
added 2025/11/22 7:29 a.m. | 12 views

CVE-2025-13384 CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...

CVSS 7.5 | EPSS 0.00191
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/22 12:0 a.m. | 4 views

PT-2025-47828

Name of the Vulnerable Software and Affected Versions: CP Contact Form with PayPal plugin for WordPress versions through 1.3.56. Description: The CP Contact Form with PayPal plugin for WordPress is susceptible to unauthorized payment confirmation. The plugin exposes an unauthenticated endpoint via t...

CVSS 7.5 | AI score 6.6 | EPSS 0.00191
Exploits: 0 | References: 11
Malwarebytes
added 2025/05/28 1:34 p.m. | 10 views

New warning issued over toll fee scams

Over a year ago the FBI warned about what was then a new form of smishing (phishing via SMS) scam: text messages that demanded payment for toll fees. The FTC sent out a similar warning in January, 2025. Then, in April another wave of toll fee scams began doing the rounds. Now the Departments of Mot...

AI score 7
Exploits: 0
RedhatCVE
added 2025/05/23 1:15 a.m. | 5 views

CVE-2022-29254

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like isNotification or isRedirect), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

CVSS 6.5 | AI score 6.5 | EPSS 0.00211
Exploits: 0 | References: 1
NVD
added 2025/01/07 4:15 p.m. | 7 views

CVE-2024-48245

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...

CVSS 7.2 | EPSS 0.04525
Exploits: 1 | References: 2
OSV
added 2025/01/07 4:15 p.m. | 1 views

CVE-2024-48245

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...

CVSS 7.2 | AI score 5.9 | EPSS 0.04525
Exploits: 1 | References: 2
Drupal
added 2023/11/15 12:0 a.m. | 25 views

Mollie for Drupal - Moderately critical - Faulty payment confirmation logic - SA-CONTRIB-2023-052

This module enables you to pay online via Mollie. The module might not properly load the correct order to update the payment status when Mollie redirects to the redirect URL. This can allow an attacker to apply other people's orders to their own, getting credit without paying. This vulnerability ...

AI score 7.1
Exploits: 0 | References: 7
WPVulnDB
added 2022/04/04 12:0 a.m. | 25 views

LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/purchase/confirm-payment/?order=order-xxxxxxx=aa"...

CVSS 6.1 | AI score 0.6 | EPSS 0.00796
Exploits: 2 | References: 1 | Affected Software: 1
Cisco Threats
added 2018/07/11 2:25 p.m. | 12 views

Threat Outbreak Alert RuleID33160: Email Messages Distributing Malicious Software on July 11, 2018

Medium | Alert ID: 58428 | First Published: 2018 July 11 14:25 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID33160 may contain the following files: Name | Siz...

AI score 0.2
Exploits: 0
Cisco Threats
added 2017/11/27 1:16 p.m. | 18 views

Threat Outbreak Alert RuleID31440: Email Messages Distributing Malicious Software on November 24, 2017

Medium | Alert ID: 56046 | First Published: 2017 November 27 13:16 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31440 may contain the following files: Name |...

AI score 0.3
Exploits: 0
Cisco Threats
added 2017/11/07 1:57 p.m. | 12 views

Threat Outbreak Alert RuleID31217: Email Messages Distributing Malicious Software on November 7, 2017

Medium | Alert ID: 55794 | First Published: 2017 November 7 13:57 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31217 may contain the following files: Name |...

AI score 0.3
Exploits: 0
Cisco Threats
added 2017/10/11 3:30 p.m. | 13 views

Threat Outbreak Alert RuleID30911: Email Messages Distributing Malicious Software on October 11, 2017

Medium | Alert ID: 55585 | First Published: 2017 October 11 15:30 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30911 may contain the following files: Name |...

AI score 0.3
Exploits: 0
Cisco Threats
added 2016/11/15 5:2 p.m. | 11 views

Threat Outbreak Alert RuleID25812: Email Messages Distributing Malicious Software on November 15, 2016

Medium | Alert ID: 49716 | First Published: 2016 November 15 17:02 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID25812 may contain the following files: Name |...

AI score 0.2
Exploits: 0
Cisco Threats
added 2016/07/18 2:1 p.m. | 25 views

Threat Outbreak Alert RuleID23863: Email Messages Distributing Malicious Software on July 16, 2016

Medium | Alert ID: 47107 | First Published: 2016 July 18 14:01 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID23863 may contain the following files: Name | Siz...

AI score 0.2
Exploits: 0
Cisco Threats
added 2016/04/01 4:21 p.m. | 11 views

Threat Outbreak Alert RuleID22038: Email Messages Distributing Malicious Software on April 1, 2016

Medium | Alert ID: 44417 | First Published: 2016 April 1 16:21 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID22038 may contain the following files: Name | Siz...

AI score 6.5
Exploits: 0
Cisco Threats
added 2016/03/25 1:43 p.m. | 13 views

Threat Outbreak Alert RuleID21922: Email Messages Distributing Malicious Software on March 25, 2016

Medium | Alert ID: 44308 | First Published: 2016 March 25 13:43 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID21922 may contain the following files: Name | Si...

AI score 0.5
Exploits: 0
Cisco Threats
added 2016/01/08 8:53 p.m. | 9 views

Threat Outbreak Alert RuleID20378: Email Messages Distributing Malicious Software on May 4, 2016

Medium | Alert ID: 42959 | First Published: 2016 January 8 20:53 GMT | Last Updated: 2016 May 5 12:52 GMT | Version: 2 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20378 and...

AI score 6.8
Exploits: 0