8 matches found
CVE-2026-2729 Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...
CVE-2026-2729
CVE-2026-2729 affects the WordPress plugin Forminator (versions up to 1.52.0). The vulnerability arises from missing authorization when processing attacker-supplied Stripe PaymentIntent identifiers during the public payment flow, allowing unauthenticated attackers to submit high-value paid forms ...
WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability
Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability discovered by Kittipat Jitphonchana in WordPress Plugin Forminator versions <= 1.52.0...
A user could call mint() with less ETH than the mintPrice and improperly mint badges for a cheaper cost.
Lines of code Vulnerability details Impact users underpaying to mint badges will lead to loss of funds Proof of Concept It checks if msg.value is less than the required mintPrice, but it does not check for the case where msg.value mintPrice. This means: A user could send only 1 wei when the...
Borrower can pay very little collateral for a huge amount of more valuable asset.
Lines of code Vulnerability details Impact When an approved borrower calls borrowAsset, they are able to borrow as much asset as possible and passing the user controlled collateralAmount input with a lesser value worth of collateral. For example, a user can pay 1 USDC collateral and receive 1000...
IndexPool's flashswap transfer before callback
Handle 0xsanson Vulnerability details Impact The flashswap function in IndexPool.sol doesn't fulfill its function. Indeed it should transfer tokens to the users before they need to pay back, but the transfer happens at the end: ... ITridentCallee(msg.sender).tridentSwapCallback(context); // @dev Chec...
c-lightning Security Vulnerabilities
A security vulnerability exists in c-lightning versions prior to 0.7.1 that stems from incorrect access control. A remote attacker could exploit the vulnerability by not paying or underpaying the total cash amount of a transaction...
Eclair has a logic flaw vulnerability
Eclair is a flash wallet for Android-based systems. Eclair to 0.3 allows an attacker to trigger a loss of funds due to incorrect access control. An attacker could use the vulnerability to not pay or underpay the total amount of cash...