95 matches found
CVE-2025-32513
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Reflected XSS. This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.6...
CVE-2025-32513 WordPress Total processing card payments for WooCommerce plugin <= 7.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Reflected XSS. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.6...
CVE-2025-32513 WordPress Total processing card payments for WooCommerce plugin <= 7.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Reflected XSS. This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.6...
CVE-2025-32513
CVE-2025-32513 affects the WordPress plugin Nomupay Payment Processing Gateway (Total processing card payments for WooCommerce). The issue is an improper input neutralization in web page generation causing a Reflected XSS. Affected: versions from n/a up to and including 7.1.6. Impact is describe...
PT-2025-17091 · Unknown · Nomupay Payment Processing Gateway
Name of the Vulnerable Software and Affected Versions: Nomupay Payment Processing Gateway versions n/a through 7.1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...
WordPress Total processing card payments for WooCommerce plugin <= 7.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Nomupay Payment Processing Gateway versions <= 7.1.6...
WordPress Total processing card payments for WooCommerce Plugin <= 7.1.5 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by LVT-tholv2k in WordPress Plugin Nomupay Payment Processing Gateway versions <= 7.1.5...
GHSA-PQQ3-Q84H-PJ6X Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
A vulnerability allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially...
CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
CVE-2025-22661 WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vcita.com Online Payments – Get Paid with PayPal, Square & Stripe allows Stored XSS. This issue affects Online Payments – Get Paid with PayPal, Square & Stripe: from n/a through 3.20.0...
Change Healthcare outages reportedly caused by ransomware
On Wednesday February 21, 2024, Change Healthcare—a subsidiary of UnitedHealth Group—experienced serious system outages due to a cyberattack. In a Form 8-K filing the company said it: “identified a suspected nation-state associated cyber security threat actor had gained access to some of the Chan...
Reddit: Information Disclosure To Use of Hard-coded Cryptographic Key
Vulnerability description not provided...
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...
The DarkSide Ransomware Gang
The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide's secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what...
h1-ctf: [h1-2006 CTF] Payments for May have been processed!
Hi : First off thanks for a great CTF! It had its ups and downs mainly due to my mistakes but here is the final flag: ^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$ My write up can be found at https://devcraft.io/bountypay-h1-2006-ctf.html unpublished detailing the process, tools, and mistakes I ma...
PSD2 and Open Banking -- The New Way to Work Your Money
The main question behind the Payment Services Directive PSD2 and Open Banking: Is it innovative or just platitudes against competition? Open Banking allows a third party to perform certain acts with your financial institution on your behalf, such as enacting a payment or reviewing your spending...
Wawa Breach May Have Affected More Than 30 Million Customers
A recent dump of payment card information being sold on a popular online fraud marketplace suggests that more than 30 million payment cards may have been affected by a malware attack and data breach at Wawa convenience stores and gas stations that was first revealed in December. The Joker’s Stash...
Wawa Data Breach: Malware Stole Customer Payment Card Info
Popular convenience-store chain Wawa Inc. has disclosed a data breach potentially affecting all of its 850 locations. The breach stemmed from malware on its in-store payment processing systems that collected customers’ payment card data – for almost 10 months. The popular chain of Wawa convenienc...
Fin7 Cybergang Retools With New Malicious Code
The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018. The notorious group has adopted a new dropper samp...
Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards
On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that th...