
32 matches found

CNNVD
added 2026/05/12 12:0 a.m. | 5 views

WordPress plugin WP EasyPay security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/03/25 6:31 p.m. | 1 views

EUVD-2026-15610

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress Sepay Payment learnpress-sepay-payment allows Authentication Abuse. This issue affects LearnPress Sepay Payment: from n/a through = 4.0.0...

5.8 AI score | 0.00075 EPSS
Exploits: 0 | References: 2
CVE
added 2025/12/12 3:20 a.m. | 9 views

CVE-2025-12883

CVE-2025-12883 – The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to an unauthenticated payment bypass in all versions up to 1.2.2. The issue arises from improper validation that a transaction occurred through the gateway, enabling unauthenticated attackers to bypass paym...

5.3 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-19220

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.00193 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-10288

Malware in sbrugna...

7.5 CVSS | 8 AI score | 0.00345 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-24939

Malicious code in bioql PyPI...

9.8 CVSS | 7.5 AI score | 0.00072 EPSS
Exploits: 1 | References: 5
NVD
added 2025/09/23 5:15 a.m. | 1 views

CVE-2025-10840

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/print-payment.php. This manipulation of the argument sql111 causes sql injection. The attack can be initiated remotely. The exploit has been made available to...

8.8 CVSS | 0.00044 EPSS
Exploits: 1 | References: 5
OSV
added 2025/05/09 6:15 a.m. | 0 views

CVE-2025-4466

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=savepayment. The manipulation of the argument registrationid leads to sql injection. It is possible to initiate the attack remotely. T...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 5
RedhatCVE
added 2025/04/26 12:44 a.m. | 5 views

CVE-2025-3247

The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7stripeskipspamcheck' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe...

5.3 CVSS | 6.8 AI score | 0.00398 EPSS
Exploits: 0 | References: 1
OSV
added 2025/03/17 1:25 p.m. | 5 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5 CVSS | 6.3 AI score | 0.0064 EPSS
Exploits: 0 | References: 8
CVE
added 2025/03/17 1:25 p.m. | 50 views

CVE-2025-29788

CVE-2025-29788 affects the Sylius PayPal Plugin (Sylius Core Team) for PayPal Commerce. In versions prior to 1.6.1, 1.7.1, and 2.0.1, a vulnerability allows manipulating the final PayPal payment amount when a user changes the item quantity in the cart after initiating PayPal Express Checkout. Pay...

6.5 CVSS | 6.5 AI score | 0.0064 EPSS
Exploits: 0 | References: 6
Veracode
added 2024/08/27 6:48 a.m. | 10 views

Cross Site Scripting

github.com/casdoor/casdoor is vulnerable to Cross Site Scripting. The vulnerability is due to improper input validation in the successUrl parameter that redirects users after a successful purchase. An attacker can craft a Casdoor link with a malicious URL and trick users into making a payment...

6.1 CVSS | 6.6 AI score | 0.0031 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2024/08/06 12:15 p.m. | 0 views

CVE-2024-33961

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CVE
added 2024/08/06 11:56 a.m. | 31 views

CVE-2024-33972

CVE-2024-33972 concerns a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 (janobe). The vulnerability is triggered via a crafted query in the /report/event_print.php endpoint, specifically via the 'events' parameter, enabling retrieval of stored information. The public doc...

9.8 CVSS | 9.6 AI score | 0.00175 EPSS
Exploits: 0 | References: 1 | Affected Software: 5
CNNVD
added 2024/08/06 12:0 a.m. | 1 views

PayPal, Credit Card and Debit Card Payment SQL injection vulnerability

PayPal, Credit Card and Debit Card Payment is PayPal, credit card and debit card payment software by janobe, an individual developer. A SQL injection vulnerability exists in PayPal, Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...

9.8 CVSS | 7.5 AI score | 0.00175 EPSS
Exploits: 0 | References: 2
Snyk
added 2024/06/21 9:50 a.m. | 3 views

SQL Injection

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to SQL Injection. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the...

8.3 CVSS | 8.3 AI score | 0.66043 EPSS
Exploits: 2 | References: 2
Code423n4
added 2023/09/06 12:0 a.m. | 11 views

PerpetualAtlanticVaultLP incentives can be stolen via flash loan

Vulnerability details. Impact: The liquidity pooled from the PerpetualAtlanticVaultLP is used by the core contract. This liquidity is provided by anyone, and after each epoch (1 week) an incentive is paid to further incentivise liquidity provision. However, the funds can be stolen...

7 AI score
Exploits: 0
Github Security Blog
added 2022/06/06 9:24 p.m. | 19 views

Failed payment recorded has completed in Silverstripe Omnipay

Impact: For a subset of Omnipay gateways (those that use intermediary states like isNotification or isRedirect), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most...

6.5 CVSS | 6.1 AI score | 0.00211 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2022/06/06 7:35 p.m. | 11 views

CVE-2022-29254 Failed payment recorded has completed in silverstripe/silverstripe-omnipay

silverstripe-omnipay is a SilverStripe integration with the Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like isNotification or isRedirect), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

3.7 CVSS | 6.5 AI score | 0.00211 EPSS
Exploits: 0 | References: 2
NVD
added 2022/03/28 2:15 a.m. | 14 views

CVE-2022-26273

EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...

9.8 CVSS | 0.00433 EPSS
Exploits: 0 | References: 1