CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

77 matches found

CVE-2026-3640

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permissioncallback of returntrue, which allows all incoming requests...

5.3CVSS0.00382EPSS

Exploits0References14

ATTACKERKB•added 6 days ago•16 views

CVE-2026-3640

5.3CVSS5.8AI score0.00382EPSS

Exploits0References15

GithubExploit•added 2026/06/09 11:32 a.m.•38 views

ecommerce-poc

Event-Driven E-Commerce Saga POC This project is a small even...

5.6AI score

Exploits0

RedhatCVE•added 2026/06/05 7:50 p.m.•5 views

CVE-2026-7862

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

8.6CVSS5.5AI score0.00215EPSS

Exploits0References1

NVD•added 2026/05/28 8:16 a.m.•10 views

CVE-2026-7862

8.6CVSS0.00215EPSS

Exploits0References1

ATTACKERKB•added 2026/05/28 6:0 a.m.•8 views

CVE-2026-7862

5.8AI score0.00215EPSS

Exploits0References1

Vulnrichment•added 2026/05/28 6:0 a.m.•8 views

CVE-2026-7862 Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation

5.8AI score0.00215EPSS

Exploits0References1

CVE•added 2026/05/28 6:0 a.m.•15 views

CVE-2026-7862

The CVE-2026-7862 entry concerns the Eupago Gateway For Woocommerce WordPress plugin (pre-4.7.2). The vulnerability allows unauthenticated attackers to initiate refunds against any WooCommerce order via the merchant’s payment gateway credentials, and for applicable payment methods, redirect refun...

8.6CVSS5.8AI score0.00215EPSS

Exploits0References1

Cvelist•added 2026/05/28 6:0 a.m.•31 views

CVE-2026-7862 Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation

0.00215EPSS

Exploits0References1

EUVD•added 2026/05/28 6:0 a.m.•10 views

EUVD-2026-32727

8.6CVSS5.8AI score0.00215EPSS

Exploits0References1

CNNVD•added 2026/05/28 12:0 a.m.•7 views

WordPress plugin Eupago Gateway For Woocommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.6CVSS5.8AI score0.00215EPSS

Exploits0References1

Positive Technologies•added 2026/05/28 12:0 a.m.•12 views

PT-2026-44207

Name of the Vulnerable Software and Affected Versions Eupago Gateway For Woocommerce WordPress plugin versions prior to 4.7.2 Description The plugin fails to properly restrict access to its refund request handler. This allows unauthenticated attackers to initiate refunds for any WooCommerce order...

8.6CVSS5.8AI score0.00215EPSS

Exploits0References3

NVD•added 2026/02/10 8:15 a.m.•3 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS0.00294EPSS

Exploits0References4

Cvelist•added 2026/02/10 7:27 a.m.•24 views

CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

5.3CVSS0.00294EPSS

Exploits0References4

CVE•added 2026/02/10 7:27 a.m.•16 views

CVE-2026-1722

CVE-2026-1722 affects WCFM Marketplace – Multivendor Marketplace for WooCommerce (WordPress) versions up to 3.7.0. The root cause is missing authorization checks in the wcfm-refund-requests-form AJAX controller, enabling unauthenticated users to create arbitrary refund requests for any order/item...

5.3CVSS5.7AI score0.00294EPSS

Exploits0References4

Positive Technologies•added 2026/02/10 12:0 a.m.•6 views

PT-2026-7240

5.3CVSS5.7AI score0.00294EPSS

Exploits0References5

Veracode•added 2026/01/09 10:24 a.m.•5 views

Improper Authorization

shopware/core is vulnerable to Improper Authorization. The vulnerability is due to refunds being disabled only at the UI level via the core.cart.enableOrderRefunds setting, which allows an attacker to bypass restrictions by sending a custom crafted request to cancel their own orders...

7AI score

Exploits0

NVD•added 2026/01/09 7:16 a.m.•14 views

CVE-2025-14720

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

5.3CVSS0.0028EPSS

Exploits0References2

CVE•added 2026/01/09 6:34 a.m.•16 views

CVE-2025-14720

CVE-2025-14720 : Booking for Appointments and Events Calendar – Amelia (WordPress) is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to 1.2.38. Unauthenticated attackers can mark payments as refunded, trigger sending of queued notifi...

5.3CVSS5.2AI score0.0028EPSS

Exploits0References2

Cvelist•added 2026/01/09 6:34 a.m.•25 views

CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

5.3CVSS0.0028EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by