CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

Patchstack•added 2026/04/16 3:45 p.m.•3 views

WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Redsys for WooCommerce Light versions = 7.0.0...

5.8AI score

Exploits0Affected Software1

Patchstack•added 2026/04/16 9:6 a.m.•1 views

WordPress Payment Gateway for Redsys & WooCommerce Lite plugin <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability

Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Redsys for WooCommerce Light versions = 7.0.0...

7.5CVSS5.8AI score0.00017EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/16 6:31 a.m.•1 views

EUVD-2026-23194

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...

7.5CVSS5.8AI score0.00017EPSS

Exploits0References3

NVD•added 2026/04/16 6:16 a.m.•1 views

CVE-2026-5050

7.5CVSS0.00017EPSS

Exploits0References2

Vulnrichment•added 2026/04/16 5:29 a.m.•1 views

CVE-2026-5050 Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation

7.5CVSS5.8AI score0.00017EPSS

Exploits0References2

Cvelist•added 2026/04/16 5:29 a.m.•40 views

CVE-2026-5050 Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation

7.5CVSS0.00017EPSS

Exploits0References2

CVE•added 2026/04/16 5:29 a.m.•8 views

CVE-2026-5050

The CVE-2026-5050 entry details a vulnerability in the Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress. Affected versions are up to and including 7.0.0. The root cause is improper verification of cryptographic signatures: successful_request() handlers compute a local signature ...

7.5CVSS5.8AI score0.00017EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 5:29 a.m.•1 views

CVE-2026-5050

7.5CVSS5.8AI score0.00017EPSS

Exploits0References3

Positive Technologies•added 2026/04/16 12:0 a.m.•0 views

PT-2026-33269

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful request handlers calculating a local signature but not validating Ds Signature from the request before...

7.5CVSS5.8AI score0.00017EPSS

Exploits0References3

CNNVD•added 2026/04/16 12:0 a.m.•4 views

WordPress plugin Payment Gateway for Redsys & WooCommerce Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.7AI score0.00017EPSS

Exploits0References1

RedhatCVE•added 2025/02/24 4:25 a.m.•12 views

CVE-2024-12467

The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.3AI score0.00534EPSS

Exploits0References1

OSV•added 2025/02/22 5:15 a.m.•1 views

CVE-2024-12467

6.1CVSS6AI score0.00534EPSS

Exploits0References4

Vulnrichment•added 2025/02/22 4:21 a.m.•8 views

CVE-2024-12467 Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting

6.1CVSS6AI score0.00534EPSS

Exploits0References4

CVE•added 2025/02/22 4:21 a.m.•55 views

CVE-2024-12467

CVE-2024-12467: Pago por Redsys WordPress plugin has a reflected XSS in Ds_MerchantParameters affecting all versions up to 1.0.12. Exploitation is unauthenticated; user action (e.g., clicking a link) triggers script execution. The issue is addressed in a subsequent release (1.0.13 per changelog),...

6.1CVSS6AI score0.00534EPSS

Exploits0References4Affected Software1

Cvelist•added 2025/02/22 4:21 a.m.•13 views

CVE-2024-12467 Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting

6.1CVSS0.00534EPSS

Exploits0References4

CNNVD•added 2025/02/22 12:0 a.m.•0 views

WordPress plugin Pago por Redsys 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS8.2AI score0.00534EPSS

Exploits0References5

Patchstack•added 2025/02/21 9:53 p.m.•1 views

WordPress Pago por Redsys plugin <= 1.0.12 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by José Aguilera in WordPress Plugin Pago por Redsys versions = 1.0.12...

6.1CVSS6.3AI score0.00534EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/10/09 12:0 a.m.•2 views

编号撤回

RedSys 3DSecure is a payment security technology from RedSys, Spain, designed to improve the security of online transactions, especially during credit and debit card payments. This CVE number has been withdrawn...

6.8AI score

Exploits1References2

CNNVD•added 2024/10/09 12:0 a.m.•1 views

编号撤回

6.8AI score

Exploits1References3

CNNVD•added 2024/10/09 12:0 a.m.•1 views

编号撤回

6.8AI score

Exploits1References3

Rows per page