277 matches found
CVE-2026-57402
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...
CVE-2026-57402
CVE-2026-57402 concerns the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions
CVE-2026-57402 WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.51 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...
WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.51 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Flexible Refund and Return Order for WooCommerce versions = 1.0.51...
PT-2026-56032
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...
CVE-2026-7862
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...
CVE-2026-7862
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...
CVE-2026-7862 Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...
CVE-2026-7862
The CVE-2026-7862 entry concerns the Eupago Gateway For Woocommerce WordPress plugin (pre-4.7.2). The vulnerability allows unauthenticated attackers to initiate refunds against any WooCommerce order via the merchant’s payment gateway credentials, and for applicable payment methods, redirect refun...
WordPress plugin Eupago Gateway For Woocommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Your tax forms sell for $20 on the dark web
Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself. What is Stolen Identity Refund Fraud SIRF? Stolen Identity Refund Fraud SIRF is ...
A week in security (February 23 – March 1)
Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...
Fake Avast Website Targets Users With €499 Phishing Refund Scam
Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data...
Refund scam impersonates Avast to harvest credit card details
A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...
CVE-2026-1722
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
CVE-2026-1722
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
CVE-2026-1722
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
CVE-2026-1722
CVE-2026-1722 affects WCFM Marketplace – Multivendor Marketplace for WooCommerce (WordPress) versions up to 3.7.0. The root cause is missing authorization checks in the wcfm-refund-requests-form AJAX controller, enabling unauthenticated users to create arbitrary refund requests for any order/item...