EUVD-2018-17095

Malware in sbrugna...

CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...

CVE-2025-2883

The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive...

CVE-2025-2883 Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure

The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive...

CVE-2025-2883 Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure

The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive...

CVE-2025-2883

CVE-2025-2883 affects the WordPress plugin Accept SagePay Payments Using Contact Form 7. Exposed phpinfo.php in all versions up to 2.0 can leak potentially sensitive information publicly; exploitation would be unauthenticated. Wordfence lists this CVE as patched in its monitoring, and connected s...

WordPress plugin Accept SagePay Payments Using Contact Form 7 信息泄露漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin Accept...

WordPress SagePay Server Gateway for WooCommerce Plugin < 1.0.9 XSS Vulnerability

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

Sagepay - Critical - Access Bypass - SA-CONTRIB-2018-005

This module integrates the Sagepay payment service. Some of the URLs used while processing the payment are not sufficiently secured. This might allow attackers to resume a previously failed payment attempt or to view content that should only be shown after a succesful payment. This affects all...

WordPress SagePay Server Gateway for WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.SagePay Server Gateway for WooCommerce plugin is used in one of the payment plugin. A cross-site scripting...

WordPress SagePay Server Gateway for WooCommerce plugin <=1.0.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found in WordPress SagePay Server Gateway for WooCommerce plugin versions =1.0.8. Solution Update the WordPress SagePay Server Gateway for WooCommerce plugin to the latest available version at least 1.0.9...

CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...

Code injection

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...

CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...

CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...

CVE-2018-5316

CVE-2018-5316 affects the WordPress plugin “SagePay Server Gateway for WooCommerce” released for WooCommerce. The vulnerability is an unauthenticated cross-site scripting (XSS) in versions before 1.0.9, exploitable via the includes/pages/redirect.php page parameter. The underlying impact, as repo...

WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable SagePay Server Gateway for WooCommerce 1.0.7 SagePay Server Gateway for WooCommerce is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may...

WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS Vulnerability

WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable SagePay Server Gateway for WooCommerce 1.0.7 SagePay Server Gateway for WooCommerce is prone to a stored cross-site scripting...

SagePay Server Gateway for WooCommerce <= 1.0.8 - Unauthenticated Cross-Site Scripting (XSS)

The SagePay Server Gateway for WooCommerce WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability...

Wordpress plugin sagepay-server-gateway-for-jigoshop has cross-site scripting hole

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The Wordpress plugin sagepay-server-gateway-for-jigoshop has a cross-site scripting hole. The program fails to filter user-supplied input, allowing attackers to fra...