68 matches found

CNNVD
added 2024/10/29 12:0 a.m. | 2 views

WordPress plugin Stripe Donation and Payment security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 9.8 | AI score 6.7 | EPSS 0.004
Exploits 0 | References 1
Patchstack
added 2024/10/24 12:0 a.m. | 9 views

WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software: WordPress Stripe Donation and Payment Plugin | Type: Plugin | Vulnerable versions: = 3.2.3 | Fixed in: 3.2.4 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-50459 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: bb58320243b3 | Credits...

CVSS 9.8 | AI score 6.8 | EPSS 0.004
Exploits 0 | References 2 | Affected Software 1
NVD
added 2024/10/16 7:15 a.m. | 25 views

CVE-2023-7294

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...

CVSS 7.1 | EPSS 0.00327
Exploits 0 | References 2
CVE
added 2024/10/16 6:43 a.m. | 49 views

CVE-2023-7294

The CVE concerns the WordPress Paytium: Mollie payment forms & donations plugin. A missing capability check in the create_mollie_profile function affects versions up to 4.3.7, enabling authenticated users with subscriber-level access to modify data by creating a Mollie payment profile. The issue ...

CVSS 7.1 | AI score 6.2 | EPSS 0.00327
Exploits 0 | References 2 | Affected Software 1
OSV
added 2024/07/30 6:15 a.m. | 1 views

CVE-2024-6230

The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have a CSRF check in place when resetting its form fields, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...

CVSS 6.5 | AI score 5.8 | EPSS 0.00249
Exploits 1 | References 1
Prion
added 2024/01/19 10:15 a.m. | 20 views

SQL injection

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 5 | AI score 7.7 | EPSS 0.02657
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2024/01/19 9:31 a.m. | 32 views

CVE-2024-0705 Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 9.8 | AI score 9.8 | EPSS 0.02657
Exploits 1 | References 2
CVE
added 2024/01/19 9:31 a.m. | 70 views

CVE-2024-0705

The Stripe Payment Plugin for WooCommerce (WordPress) is vulnerable to SQL Injection via the 'id' parameter in all versions up to 3.7.9 due to insufficient escaping and improper query preparation. Unauthenticated attackers can append additional SQL to extract sensitive data. A fix is available in...

CVSS 9.8 | AI score 8.1 | EPSS 0.02657
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2024/01/19 9:31 a.m. | 16 views

CVE-2024-0705 Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 9.8 | AI score 7.2 | EPSS 0.02657
Exploits 1 | References 2
Positive Technologies
added 2024/01/19 12:0 a.m. | 6 views

PT-2024-15766

Name of the Vulnerable Software and Affected Versions: The Stripe Payment Plugin for WooCommerce plugin for WordPress versions up to, and including, 3.7.9. Description: The issue is related to SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of...

CVSS 9.8 | AI score 5.8 | EPSS 0.02657
Exploits 1 | References 8
CNNVD
added 2024/01/19 12:0 a.m. | 7 views

WordPress Plugin Stripe Payment Plugin for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 9.8 | AI score 7.4 | EPSS 0.02657
Exploits 1 | References 3
OSV
added 2023/10/21 2:15 a.m. | 6 views

CVE-2023-5132

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerc...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 2
Prion
added 2023/08/31 6:15 a.m. | 20 views

Authentication flaw

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

CVSS 7.5 | AI score 9.6 | EPSS 0.00966
Exploits 2 | References 3 | Affected Software 1
CNNVD
added 2023/08/31 12:0 a.m. | 29 views

WordPress plugin Stripe Payment Plugin for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 9.8 | AI score 8.3 | EPSS 0.00966
Exploits 2 | References 4
Positive Technologies
added 2023/08/02 12:0 a.m. | 5 views

PT-2023-23402 · Woocommerce · Stripe Payment Plugin For Woocommerce

Name of the Vulnerable Software and Affected Versions: Stripe Payment Plugin for WooCommerce versions up to, and including, 3.7.7 Description: The issue is related to authentication bypass due to insufficient verification of the user being supplied during a Stripe checkout through the plugin. Thi...

CVSS 9.8 | AI score 9.4 | EPSS 0.00966
Exploits 2 | References 7
Patchstack
added 2023/07/18 12:0 a.m. | 6 views

WordPress WordPress Stripe Donation and Payment Plugin Plugin < 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Software: WordPress Stripe Donation and Payment Plugin | Type: Plugin | Vulnerable versions: 3.2.1 | Fixed in: 3.2.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 3e61589953b1 | Credits: Rafie...

AI score 6.8 | EPSS 0.00284
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/07/18 12:0 a.m. | 6 views

WordPress Payment Page Plugin < 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software: Payment Page | Type: Plugin | Vulnerable versions: 1.2.9 | Fixed in: 1.2.9 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: e96ad7e511b5 | Credits: Rafie Muhammad Patchstack Required...

AI score 6.8 | EPSS 0.00284
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/01/23 3:15 p.m. | 3 views

CVE-2022-4307

The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin...

CVSS 6.1 | AI score 5.8 | EPSS 0.00526
Exploits 2 | References 1
OSV
added 2022/03/20 10:15 p.m. | 14 views

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 7.8 | AI score 8.1
Exploits 0 | References 1
NVD
added 2022/03/20 10:15 p.m. | 14 views

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 7.8 | EPSS 0.00942
Exploits 1 | References 1