34 matches found
PayPlus Payment Gateway < 6.6.9 - SQL Injection
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability. id: CVE-2024-6205 info: name: PayPlus Payment...
EUVD-2024-36763
Malicious code in bioql PyPI...
EUVD-2024-36679
Malicious code in bioql PyPI...
CVE-2024-6205
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
CVE-2024-37564
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7...
CVE-2024-37459
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...
VulnCheck KEV: CVE-2024-6205
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
WordPress PayPlus Payment Gateway SQL Injection Exploit
!/usr/bin/env python3.11 import requests import time def exploiturl: payload = "wc-api": "payplusgateway&statuscode=true&moreinfo=selectfromselectsleep5a" start = time.time with requests.Session as session: session.headers.update 'User-Agent': 'Mozilla/5.0 Windows NT 10.0; Win64; x64...
WordPress PayPlus Payment Gateway SQL Injection
!/usr/bin/env python3.11 import requests import time def exploiturl: payload = "wc-api": "payplusgateway&statuscode=true&moreinfo=selectfromselectsleep5a" start = time.time with requests.Session as session: session.headers.update 'User-Agent': 'Mozilla/5.0 Windows NT 10.0; Win64; x64...
CVE-2024-37459
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...
CVE-2024-37459
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...
CVE-2024-37459 WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...
CVE-2024-37459 WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...
CVE-2024-37459
CVE-2024-37459 is a reflected XSS vulnerability in PayPlus Payment Gateway (WordPress plugin) affecting PayPlus Gateway versions up to and including 6.6.8. The issue is triggered by improper input neutralization during web page generation. Public sources in connected docs corroborate the vulnerab...
Exploit for SQL Injection in Payplus Payplus_Payment_Gateway
CVE-2024-6205 pip install requests This is a...
PT-2024-27569 · Unknown · Payplus Payment Gateway
Name of the Vulnerable Software and Affected Versions: PayPlus Payment Gateway versions n/a through 6.6.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...
CVE-2024-6205
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
CVE-2024-6205
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
CVE-2024-6205 PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
CVE-2024-6205
CVE-2024-6205 concerns the PayPlus Payment Gateway WordPress plugin (