6 matches found
CVE-2025-11890
CVE-2025-11890 : The Crypto Payment Gateway with Payeer for WooCommerce WordPress plugin is vulnerable to an unauthenticated payment bypass in all versions up to 1.0.3. The flaw stems from improper server-side verification of payment status via the /wc-api/bp-payeer-gateway-callback endpoint, all...
CVE-2024-6205
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
VulnCheck KEV: CVE-2024-6205
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
CVE-2024-6205
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
CVE-2024-6205 PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...
WordPress Woocommerce 2.6.2 API Cross Site Scripting
------------------------------------------------------------------------ Persistent Cross-Site Scripting in Woocommerce WordPress plugin ------------------------------------------------------------------------ Sipke Mellema, July 2016...