29 matches found
GHSA-9392-PJ54-QQF8 WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
CVE-2026-47696
WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...
WordPress SureForms plugin <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability
Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin SureForms versions <= 2.5.2...
CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The CVE affects the SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress (all versions up to 2.5.2). The root cause is that create_payment_intent() validates the payment amount using a user-controlled parameter, enabling unauthenticated attackers to bypass confi...
WordPress plugin SureForms input validation error vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-28706
Name of the Vulnerable Software and Affected Versions SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress versions up to and including 2.5.2 Description The SureForms plugin is susceptible to a Payment Amount Bypass issue. This occurs because the create payment...
WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability
WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...
WordPress plugin Tutor LMS security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2015-7162
Malware in sbrugna...
EUVD-2024-2168
Malicious code in bioql PyPI...
EUVD-2024-17452
Malicious code in bioql PyPI...
Malicious code in op-payment-live-validation (npm)
The package op-payment-live-validation was found to contain malicious code...
PT-2025-27338 · Npm · Taylored
Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5 Summary A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this...
CVE-2024-1718
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...
CVE-2015-7231
The Commerce Commonwealth CBA module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."...
CVE-2024-1718
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...
CVE-2024-1718 Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...
CVE-2024-1718 Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...
Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update
Description The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated...