Lucene search
+L

4 matches found

CVE
CVE
added 2026/01/17 3:24 a.m.36 views

CVE-2025-14463

CVE-2025-14463 affects the WordPress plugin “Payment Button for PayPal” (versions up to and including 1.2.3.41). The vulnerability arises from a publicly exposed AJAX endpoint (wppaypalcheckout_ajax_process_order) that processes checkout results without authentication or server-side verification,...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/17 3:24 a.m.10 views

EUVD-2026-3152

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

5.3CVSS5.8AI score0.00314EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/01/17 3:24 a.m.5 views

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

5.3CVSS5.6AI score0.00314EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/12 6:32 a.m.8 views

CVE-2025-13660 Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

5.3CVSS5.7AI score0.00299EPSS
Exploits0References4
Rows per page
Query Builder