Lucene search
K

6 matches found

NVD
NVD
added 2026/05/13 5:16 a.m.9 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.6 views

CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/17 3:24 a.m.8 views

EUVD-2026-3152

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

5.3CVSS5.8AI score0.00314EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/01/17 3:24 a.m.5 views

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

5.3CVSS5.6AI score0.00314EPSS
Exploits0References7
CVE
CVE
added 2026/01/17 3:24 a.m.30 views

CVE-2025-14463

CVE-2025-14463 affects the WordPress plugin “Payment Button for PayPal” (versions up to and including 1.2.3.41). The vulnerability arises from a publicly exposed AJAX endpoint (wppaypalcheckout_ajax_process_order) that processes checkout results without authentication or server-side verification,...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/12 6:32 a.m.8 views

CVE-2025-13660 Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References4
Rows per page
Query Builder