33 matches found
EUVD-2026-36973
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
CVE-2026-40741
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
CVE-2026-40741
CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...
PT-2026-49408
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Redsys for WooCommerce Light versions = 7.0.0...
WordPress Payment Gateway for Redsys & WooCommerce Lite plugin <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability
Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Redsys for WooCommerce Light versions = 7.0.0...
EUVD-2026-23194
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
CVE-2026-5050 Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
CVE-2026-5050 Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
CVE-2026-5050
The CVE-2026-5050 entry details a vulnerability in the Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress. Affected versions are up to and including 7.0.0. The root cause is improper verification of cryptographic signatures: successful_request() handlers compute a local signature ...
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...
WordPress plugin Payment Gateway for Redsys & WooCommerce Lite 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-33269
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful request handlers calculating a local signature but not validating Ds Signature from the request before...
CVE-2024-12467
The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12467
The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12467 Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting
The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12467 Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting
The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...