Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References4
CVE
CVE
added 4 days ago8 views

CVE-2026-15288

CVE-2026-15288 affects the SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress. All versions up to and including 2.2.1 are vulnerable to Improper Input Validation: the plugin accepts the payment amount directly from user-controlled POST data in the create_payment_intent and ...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/17 3:36 a.m.3 views

CVE-2026-5234

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action no authentication required an...

5.3CVSS5.8AI score0.00689EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-33403

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::create payment intent for transaction action is registered as a public action no authentication require...

5.3CVSS5.8AI score0.00689EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.2 views

CVE-2026-34210

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

8.1CVSS5.8AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 2:10 p.m.4 views

CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

6CVSS5.8AI score0.00494EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.8 views

PT-2026-28608

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

6CVSS5.9AI score0.00494EPSS
Exploits0References7
Rows per page
Query Builder