Malicious code in @vietmoney/react-native-vnpay-merchant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db7aa9187bf0ea16a7e5209406b93cd1b253b087a17bac46ad5cf79b8fa317f3 The package @vietmoney/react-native-vnpay-merchant was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @vietmoney/react-native-vnpay-merchant is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

EUVD-2025-205927

Malicious code in @vietmoney/react-native-vnpay-merchant npm...

CVE-2025-12017

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

WordPress plugin VNPAY Payment gateway 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-12017

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVE-2025-12017

CVE-2025-12017 concerns the VNPAY Payment gateway plugin for WordPress. Based on Wordfence and PatchStack sources in connected documents, the vulnerability is a reflected cross-site scripting (Reflected XSS) via the message parameter, affecting all versions up to and including 1.0.0. The root cau...

EUVD-2025-35807

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVE-2025-12017 VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVE-2025-12017 VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

PT-2025-43599

Name of the Vulnerable Software and Affected Versions VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0 Description The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...

WordPress VNPAY for Woocommerce plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin VNPAY Payment gateway versions = 1.0.0...

EUVD-2024-49648

Malicious code in bioql PyPI...

CVE-2024-8914

The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wpksesallowedhtml function, which allows the 'onclick' attribute for...

CVE-2024-8914 Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting

The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wpksesallowedhtml function, which allows the 'onclick' attribute for...