
68 matches found

CNNVD
added 2025/11/06 12:0 a.m. · 2 views

WordPress plugin Simple Payment security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 7.1 · AI score 5.8 · EPSS 0.00151
Exploits: 0 · References: 1
Patchstack
added 2025/10/29 12:29 p.m. · 4 views

WordPress Simple Payment plugin <= 2.4.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by ? in WordPress Plugin Simple Payment versions <= 2.4.6...

CVSS 7.3 · AI score 6.8 · EPSS 0.00292
Exploits: 0 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-19376

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.4 · EPSS 0.00452
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-59669

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.00275
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-51421

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.2 · EPSS 0.0047
Exploits: 2 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-53932

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.7 · EPSS 0.00386
Exploits: 0 · References: 2
NVD
added 2025/09/10 7:15 a.m. · 3 views

CVE-2025-9463

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

CVSS 6.5 · EPSS 0.00287
Exploits: 0 · References: 4
RedhatCVE
added 2025/06/29 8:24 a.m. · 20 views

CVE-2025-6688

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the createuser function. This makes it possible for unauthenticated attackers to log in as...

CVSS 9.8 · AI score 7.2 · EPSS 0.00452
Exploits: 0 · References: 1
Cvelist
added 2025/06/27 7:22 a.m. · 9 views

CVE-2025-6688 Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the createuser function. This makes it possible for unauthenticated attackers to log in as...

CVSS 9.8 · EPSS 0.00452
Exploits: 0 · References: 2
Vulnrichment
added 2025/06/27 7:22 a.m. · 4 views

CVE-2025-6688 Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the createuser function. This makes it possible for unauthenticated attackers to log in as...

CVSS 9.8 · AI score 7.1 · EPSS 0.00452
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24195 · Woocommerce · Miguel Fuentes Payment Qr Woocommerce

Name of the Vulnerable Software and Affected Versions: Miguel Fuentes Payment QR WooCommerce versions 1.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

CVSS 5.3 · AI score 5.1 · EPSS 0.00273
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 4:13 a.m. · 8 views

CVE-2023-4040

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...

CVSS 5.3 · AI score 6.8 · EPSS 0.00386
Exploits: 0
RedhatCVE
added 2025/05/23 2:15 a.m. · 9 views

CVE-2023-3162

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

CVSS 9.8 · AI score 7 · EPSS 0.00966
Exploits: 2 · References: 1
RedhatCVE
added 2025/02/04 10:59 p.m. · 9 views

CVE-2024-0705

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 9.8 · AI score 7.4 · EPSS 0.02657
Exploits: 1 · References: 1
Cvelist
added 2024/11/23 11:39 a.m. · 18 views

CVE-2024-11228 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode

The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVSS 6.4 · EPSS 0.00433
Exploits: 0 · References: 4
Vulnrichment
added 2024/11/23 11:39 a.m. · 12 views

CVE-2024-11228 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode

The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVSS 6.4 · AI score 5.8 · EPSS 0.00433
Exploits: 0 · References: 4
OSV
added 2024/10/29 5:15 p.m. · 1 views

CVE-2024-50459

Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3...

CVSS 9.8 · AI score 5.8 · EPSS 0.004
Exploits: 0 · References: 1
NVD
added 2024/10/29 5:15 p.m. · 14 views

CVE-2024-50459

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AidWP: from n/a through <= 3.2.3...

CVSS 9.8 · EPSS 0.004
Exploits: 0 · References: 1
CVE
added 2024/10/29 4:36 p.m. · 50 views

CVE-2024-50459

CVE-2024-50459 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress Stripe Donation and Payment Plugin (AidWP) for WordPress, affecting versions up to 3.2.3. Patchstack and CVE records indicate the issue is fixed in version 3.2.4. Remediation: update the plugin...

CVSS 9.8 · AI score 5.9 · EPSS 0.004
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/10/29 4:36 p.m. · 34 views

CVE-2024-50459 WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AidWP: from n/a through <= 3.2.3...

CVSS 5.3 · EPSS 0.004
Exploits: 0 · References: 1