Lucene search
K

12 matches found

NVD
NVD
added 2026/06/06 12:16 a.m.12 views

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS0.00165EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.11 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

WordPress plugin Five Star Restaurant Reservations 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.7AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/02/27 9:23 a.m.17 views

CVE-2026-1305

The CVE-2026-1305 entry concerns the WordPress plugin Japanized for WooCommerce (WooCommerce for Japan) with an authentication bypass vulnerability. The root cause is a flawed paidy_webhook_permission_check that unconditionally returns true when the webhook signature header is omitted, allowing u...

5.3CVSS6AI score0.00407EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22329

The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidy webhook permission check function that unconditionally returns true when the webhook signature header is...

5.3CVSS6AI score0.00407EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/19 1:29 p.m.7 views

CVE-2025-14444

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'processpaypalsdkpayment' function in all versions up to, and including, 6.0.6.9. This is...

5.3CVSS5.7AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/22 8:30 a.m.6 views

CVE-2025-13318 Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

5.3CVSS0.00265EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/12 12:6 p.m.8 views

CVE-2025-12788

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-controlled payment confirmation data in the...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 11:3 a.m.3 views

CVE-2025-12788 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-controlled payment confirmation data in the...

5.3CVSS5.6AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.11 views

PT-2025-46323

Name of the Vulnerable Software and Affected Versions Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress versions prior to 1.1.28 Description The Hydra Booking plugin for WordPress has a flaw where payment verification is absent, allowing unauthenticated users to bypas...

5.3CVSS6.6AI score0.00291EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/25 12:0 a.m.5 views

PT-2025-43706

Name of the Vulnerable Software and Affected Versions Tutor LMS versions up to and including 3.8.3 Description The Tutor LMS plugin for WordPress is susceptible to unauthorized data modification. This occurs because of a missing capability check when verifying webhook signatures within the...

5.3CVSS5.8AI score0.00266EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2022/03/14 8:0 a.m.7 views

CVE-2021-4031

Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification...

7.5CVSS7.2AI score0.00457EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder