10 matches found
CVE-2026-11575 PhonePe Payment Solutions < 3.1.0 - Unauthenticated Payment Bypass via Forged Callback
The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...
CVE-2026-11575
The vulnerability affects the PhonePe Payment Solutions WordPress plugin prior to 3.1.0. The issue is that the secret used to validate the callback signature is empty on sites configured through the current setup flow, causing the expected signature to be an unkeyed hash of the request body. This...
CVE-2026-11575
The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...
WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...
VulnCheck KEV: CVE-2022-45835
Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...
CVE-2022-45835
Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...
CVE-2022-45835
The CVE-2022-45835 entry concerns the WordPress PhonePe Payment Solutions plugin, affected through version 1.0.15. The vulnerability is Server-Side Request Forgery (SSRF) that allows an attacker to have the server make requests to arbitrary domains, potentially exposing internal resources or enab...
WordPress Plugin PhonePe Payment Solutions Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-14775 · Phonepe · Phonepe Payment Solutions
Name of the Vulnerable Software and Affected Versions: PhonePe Payment Solutions versions 1.0.0 through 1.0.15 Description: A Server-Side Request Forgery SSRF issue affects PhonePe Payment Solutions. This issue allows for potential unauthorized access to internal systems. Recommendations: For...
WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF)
Software PhonePe Payment Solutions Type Plugin Vulnerable versions = 1.0.15 Fixed in 2.0.0 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-45835 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 91a25d420946 Credits Aman Rawat...