CVE-2026-9189

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

CVE-2026-9189

Product & component : WordPress, Contact Form 7 – PayPal & Stripe Add-on. Vulnerability : Payment Bypass via IPN handling flaw in cf7pp_paypal_ipn_handler where the IPN payload’s mc_gross, mc_currency, or receiver_email aren’t compared against stored order values before passing the attacker-contr...

MC Hosting Coupons Script - Cross-Site Request Forgery

MC Hosting Coupons Script - Cross-Site Request Forgery Vulnerability: Cross-Site Request Forgery Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Hosting Coupons Script Script Buy Now: http://microcode.ws/product/mc-hosting-coupons-php-script/3881 Author: İhsan Şencan Author...

wordpress Diary/Notebook theme email spoofing vulnerability-vulnerability warning-the black bar safety net

WordPress this Diary/Notebook theme is to have site5 design of a personal Journal blog system theme. The recent burst of the email spoofing vulnerability. Attach the perl script Exp: !/ usr/bin/perl Exploit Title: Diary/Notebook Site5 WordPress Theme - Email Spoofing Date: 15.07.2012 Exploit...