Lucene search
+L

277 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-57402

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-57402

CVE-2026-57402 concerns the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-57402 WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.51 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...

6.5CVSS0.00161EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/08 12:20 p.m.4 views

WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.51 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Flexible Refund and Return Order for WooCommerce versions = 1.0.51...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56032

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7862

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

8.6CVSS5.5AI score0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:0 a.m.9 views

CVE-2026-7862

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

5.8AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:0 a.m.13 views

CVE-2026-7862 Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

5.8AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:0 a.m.26 views

CVE-2026-7862

The CVE-2026-7862 entry concerns the Eupago Gateway For Woocommerce WordPress plugin (pre-4.7.2). The vulnerability allows unauthenticated attackers to initiate refunds against any WooCommerce order via the merchant’s payment gateway credentials, and for applicable payment methods, redirect refun...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Eupago Gateway For Woocommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/03/19 11:33 a.m.7 views

Your tax forms sell for $20 on the dark web

Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself. What is Stolen Identity Refund Fraud SIRF? Stolen Identity Refund Fraud SIRF is ...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/02 8:1 a.m.26 views

A week in security (February 23 &#8211; March 1)

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...

5.9AI score
Exploits0
HackRead
HackRead
added 2026/02/26 5:18 p.m.8 views

Fake Avast Website Targets Users With €499 Phishing Refund Scam

Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/24 8:28 a.m.9 views

Refund scam impersonates Avast to harvest credit card details

A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.6 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 8:15 a.m.5 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS0.00294EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/10 7:27 a.m.3 views

CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/10 7:27 a.m.4 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/10 7:27 a.m.26 views

CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS0.00294EPSS
Exploits0References4
CVE
CVE
added 2026/02/10 7:27 a.m.20 views

CVE-2026-1722

CVE-2026-1722 affects WCFM Marketplace – Multivendor Marketplace for WooCommerce (WordPress) versions up to 3.7.0. The root cause is missing authorization checks in the wcfm-refund-requests-form AJAX controller, enabling unauthenticated users to create arbitrary refund requests for any order/item...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References4
Rows per page
Query Builder