
24 matches found

CVE
added 5 days ago, 15 views

CVE-2026-9242

The CVE covers RegistrationMagic for WordPress (all versions up to 6.0.8.6) with an AUTHENTICATION BYPASS via forged PayPal IPN requests. The PayPal IPN callback is registered as a nopriv AJAX action with no authentication or nonce, and the handler writes attacker-controlled POST data (including ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 14

Cvelist
added 5 days ago, 37 views

CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

CVSS 5.3 | EPSS 0.00232
Exploits: 0 | References: 14

Cvelist
added 2026/04/07 7:21 p.m., 19 views

CVE-2026-39366 WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

CVSS 6.5 | EPSS 0.0017
Exploits: 0 | References: 2

Cvelist
added 2026/02/27 3:23 a.m., 24 views

CVE-2026-2428 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disable_ipn_verification defaults to...

CVSS 7.5 | EPSS 0.00139
Exploits: 0 | References: 2

CVE
added 2026/02/27 3:23 a.m., 13 views

CVE-2026-2428

The CVE concerns the Fluent Forms Pro Add On Pack for WordPress, vulnerable in all versions up to 6.1.17 due to disabled PayPal IPN verification (disable_ipn_verification defaults to 'yes' in PayPalSettings.php). This enables unauthenticated attackers to send forged PayPal IPN notifications to th...

CVSS 7.5 | AI score 5.4 | EPSS 0.00139
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2009-1364

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.0103
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0624

Malware in sbrugna...

CVSS 5.9 | AI score 5.9 | EPSS 0.01169
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2012-5668

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.0057
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 13 views

EUVD-2012-5685

Malware in sbrugna...

CVSS 5.8 | AI score 6.2 | EPSS 0.00566
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 3:39 a.m., 9 views

CVE-2012-5805

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different...

CVSS 5.8 | AI score 6.7 | EPSS 0.00566
Exploits: 2 | References: 1

OSV
added 2020/08/31 10:54 p.m., 17 views

GHSA-H698-R4HM-W94P Validation Bypass in paypal-ipn

Versions 2.x.x and earlier of paypal-ipn are affected by a validation bypass vulnerability. paypal-ipn uses the test_ipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. A motivated attacker could craft a request string usi...

CVSS 5.9 | AI score 5.7 | EPSS 0.01169
Exploits: 0 | References: 4

Github Security Blog
added 2020/08/31 10:54 p.m., 46 views

Validation Bypass in paypal-ipn

Versions 2.x.x and earlier of paypal-ipn are affected by a validation bypass vulnerability. paypal-ipn uses the test_ipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. A motivated attacker could craft a request string usi...

CVSS 5.9 | AI score 5.7 | EPSS 0.01169
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2018/05/29 8:29 p.m., 14 views

Design/Logic Flaw

paypal-ipn before 3.0.0 uses the test_ipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly...

CVSS 4.3 | AI score 6.8 | EPSS 0.01169
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/05/29 8:0 p.m., 13 views

CVE-2014-10067

paypal-ipn before 3.0.0 uses the test_ipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly...

AI score 5.6 | EPSS 0.01169
Exploits: 0 | References: 2

CVE
added 2018/05/29 8:0 p.m., 51 views

CVE-2014-10067

CVE-2014-10067 affects the paypal-ipn package up to version 2.x; a validation bypass exists due to the test_ipn parameter (set by the PayPal IPN simulator) that determines whether to use production or sandbox. An attacker could craft a request via the simulator to force sandbox mode, potentially ...

CVSS 5.9 | AI score 5.6 | EPSS 0.01169
Exploits: 0 | References: 2 | Affected Software: 1

exploitpack
added 2017/02/20 12:0 a.m., 22 views

Joomla! Component PayPal IPN for DOCman 3.1 - id SQL Injection

Joomla! Component PayPal IPN for DOCman 3.1 - id SQL Injection Exploit Title: Joomla! Component PayPal IPN for DOCman v3.1 - SQL Injection Google Dork: inurl:index.php?option=comdocmanpaypal Date: 20.02.2017 Vendor Homepage: http://shopfiles.com/ Software Buy:...

AI score 0.3
Exploits: 0

Packet Storm
added 2017/02/20 12:0 a.m., 33 views

Joomla PayPal IPN For Docman 3.1 SQL Injection

Exploit Title: Joomla! Component PayPal IPN for DOCman v3.1 - SQL Injection Google Dork: inurl:index.php?option=comdocmanpaypal Date: 20.02.2017 Vendor Homepage: http://shopfiles.com/ Software Buy:...

AI score 0.5
Exploits: 0

Node.js
added 2015/10/17 7:41 p.m., 31 views

Validation Bypass

Overview Versions 2.x.x and earlier of paypal-ipn are affected by a validation bypass vulnerability. paypal-ipn uses the test_ipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. A motivated attacker could craft a request...

CVSS 4.3 | AI score 2.9 | EPSS 0.01169
Exploits: 0 | Affected Software: 1

NVD
added 2012/11/04 10:55 p.m., 13 views

CVE-2012-5788

The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...

CVSS 5.8 | AI score 6.6 | EPSS 0.0057
Exploits: 1 | References: 2

Prion
added 2012/11/04 10:55 p.m., 20 views

Code injection

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different...

CVSS 5.8 | AI score 6.7 | EPSS 0.00566
Exploits: 2 | References: 1