83 matches found
WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to Cross Site Scripting (XSS)
Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.75 Fixed in 10.1.76 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32510 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 052582e81e99 Credits...
WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.76 is vulnerable to Broken Access Control
Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.76 Fixed in 10.1.77 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32509 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4f90762b9976...
WordPress Payment Forms for Paystack Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Payment Forms for Paystack Type Plugin Vulnerable versions = 4.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32130 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bdaaf2a9d240 Credits Ngô Thiên An ancorn from...
CVE-2024-30489
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-30489 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-30489 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-30489
CVE-2024-30489 affects WP Cost Estimation & Payment Forms Builder for WordPress. Root cause: improper neutralization of SQL elements in a query, enabling SQL injection. Affected versions are up to 10.1.75 (n/a–10.1.75). CVSS v3.1 base score 8.5 (HIGH) with Attack Vector: Network, Attack Complexit...
WordPress Plugin WP Cost Estimation & Payment Forms Builder SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP Cost Estimation &...
PT-2024-23415 · WordPress · Loopus Wp Cost Estimation & Payment Forms Builder
Name of the Vulnerable Software and Affected Versions: WP Cost Estimation & Payment Forms Builder versions through 10.1.75 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential...
WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to SQL Injection
Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.75 Fixed in 10.1.76 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30489 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID b42e5deb44b6 Credits Rafie Muhammad...
CVE-2024-25099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...
CVE-2024-25099
CVE-2024-25099 concerns the Paytium plugin for WordPress (Paytium: Mollie payment forms & donations). The issue is a stored XSS caused by improper input neutralization during web page generation, affecting Paytium versions up to 4.4.2. A fix exists in version 4.4.3. Public details confirm the vul...
CVE-2023-5665
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Cross site scripting
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5665 Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Payment Forms for Paystack Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)
Software Payment Forms for Paystack Type Plugin Vulnerable versions = 3.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5665 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3391483ec0bd Credits István Márton...
WordPress plugin Payment Forms for Paystack Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Magecart threat actor rolls out convincing modal forms
To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece. While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled...
Multilingual skimmer fingerprints 'secret shoppers' via Cloudflare endpoint API
One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. There are different services that exist to vet such things as credit card numbers so that buyers can purchase with confidence. Criminals are also very aware that anyone and in...