CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code...

CVE-2024-31802

CVE-2024-31802 affects DESIGNA ABACUS v18 and earlier. The root cause allows bypassing the payment process via a crafted QR code. A fix is available in v19+, with PT-Security recommending updating to a version that includes the patch; earlier guidance suggests restricting QR payments as a tempora...

PT-2024-24212 · Unknown · Designa Abacus

Name of the Vulnerable Software and Affected Versions: DESIGNA ABACUS versions prior to v.19 Description: The issue allows an attacker to bypass the payment process via a crafted QR code. Recommendations: For versions prior to v.19, update to a version that includes a fix for this issue to preven...

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code...

TrueLayer.Client SSRF when fetching payment or payment provider

Impact The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to informatio...

CardGate Payments plugin for WooCommerce does not validate request origin

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

GHSA-5PQ5-9PHV-Q5J3 CardGate Payments plugin for WooCommerce does not validate request origin

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

Google Chrome Security Bypass Vulnerability (CNVD-2020-29234)

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome prior to version 83.0.4103.61 that stems from insufficient policy enforcement during the payment process. The vulnerability can be exploited by an attacker to bypass security...

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

WordPress WooCommerce CardGate Payment Gateway 3.1.15 Plugin - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

CVE-2020-8819

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

Authentication flaw

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

CVE-2020-8818

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...

WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass

Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

CVE-2020-8819

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

CVE-2020-8818

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...

WordPress CardGate Payments for WooCommerce plugin <= 3.1.15 - Payment Process Bypass vulnerability

Payment Process Bypass vulnerability discovered by GeekHack in WordPress CardGate Payments for WooCommerce plugin versions = 3.1.15. Solution Update the WordPress CardGate Payments for WooCommerce plugin to the latest available version at least 3.1.16...

CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing

Lack of origin authentication CWE-346 at IPN callback processing function allow even unauthorized attacker to remotely replace critical plugin settings merchant id, secret key etc with known to him and therefore bypass payment process eg. spoof order status by manually sending IPN callback reques...

How to Make the Payment Process Easy for Online Customers

By Carolina If you want to increase conversions and sales, a good place to start is to make it as easy as possible for them to pay for your services or products. If your checkout page isn’t easy to use, it won’t matter how good your products or services are. Your checkout page is where they get …...

payment.internshala.com XSS vulnerability

Vulnerable URL: https://payment.internshala.com/trainings/process.php​ Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure Timeline: Description...