Lucene search
K

5485 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 4:48 p.m.8 views

CVE-2017-20279

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 4:48 p.m.10 views

EUVD-2017-19006

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/19 9:10 a.m.4 views

WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin UPI QR Code Payment Gateway for WooCommerce versions = 1.6.2...

5.4CVSS5.9AI score0.00203EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:51 a.m.16 views

CVE-2026-3640

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permissioncallback of returntrue, which allows all incoming requests...

5.3CVSS5.8AI score0.00382EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/06/19 6:51 a.m.35 views

CVE-2026-3640 STRABL <= 4.5 - Unauthenticated Arbitrary Webhook Creation via REST API Endpoint

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permissioncallback of returntrue, which allows all incoming requests...

5.3CVSS0.00382EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50960

Name of the Vulnerable Software and Affected Versions Joomla Payage version 2.05 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to the 'index.php' endpoint with malicious...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/18 1:58 p.m.20 views

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a...

5.7AI score
Exploits0
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2025-69189

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

7.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.14 views

CVE-2026-2381

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or orderkey verification when...

6.5CVSS0.00267EPSS
Exploits0References6
CVE
CVE
added 2026/06/16 9:31 a.m.62 views

CVE-2026-2381

The CVE concerns the WooCommerce Stripe Payment Gateway plugin for WordPress, affected in all versions up to 10.7.0. Root cause: missing capability check and missing order ownership/order_key verification in the wc_stripe_pay_for_order WC‑AJAX endpoint, with only a nonce validation. Impact: unaut...

6.5CVSS5.3AI score0.00267EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/16 9:31 a.m.11 views

EUVD-2026-37059

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or orderkey verification when...

6.5CVSS5.3AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49633

Name of the Vulnerable Software and Affected Versions WooCommerce Stripe Payment Gateway versions prior to 10.7.1 Description The plugin is subject to unauthorized data modification because the ajax pay for order function lacks a capability check. Specifically, the wc stripe pay for order WC-AJAX...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36918

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

7.5CVSS5.2AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.16 views

CVE-2026-49066

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.7 views

EUVD-2026-36873

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.28 views

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.13 views

CVE-2026-42655

CVE-2026-42655 affects the WordPress plugin “Best Payments Plugin for WP” (versions ≤ 4.6.19). The vulnerability is an unauthenticated payment bypass (unvalidated access) in the plugin, enabling bypass without credentials. CVSS‑3.1 base score 5.9 (MEDIUM) with attack vector Network, attack comple...

5.9CVSS5.2AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.7 views

CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

5.9CVSS5.2AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.31 views

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
Rows per page
Query Builder