CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

PT-2026-40557

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb woocommerce payment AJA...

EUVD-2025-13744

Malicious code in bioql PyPI...

CVE-2025-9463

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

CVE-2025-47648

Cross-Site Request Forgery CSRF vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a through = 2.6...

CVE-2025-47648

Cross-Site Request Forgery CSRF vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a through = 2.6...

CVE-2025-47648 WordPress Pays – WooCommerce Payment Gateway plugin <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a through = 2.6...

CVE-2025-47648 WordPress Pays – WooCommerce Payment Gateway plugin <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a through = 2.6...

CVE-2025-47648

CVE-2025-47648 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Pays – WooCommerce Payment Gateway plugin for WordPress, affecting versions n/a through 2.6. The issue enables a Stored XSS scenario as noted in multiple sources. Public technical details in connected documents conf...

PT-2025-20205 · Woocommerce · Pays – Woocommerce Payment Gateway

Name of the Vulnerable Software and Affected Versions: Pays – WooCommerce Payment Gateway versions n/a through 2.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. Recommendations: For versions n/a through 2.6, update to a version that fixes the CS...

CVE-2025-32513 WordPress Total processing card payments for WooCommerce plugin <= 7.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Reflected XSS.This issue affects Nomupay Payment Processing Gateway: from n/a through = 7.1.6...

CVE-2024-52460

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in atarapay AtaraPay WooCommerce Payment Gateway atarapay-woocommerce allows Reflected XSS.This issue affects AtaraPay WooCommerce Payment Gateway: from n/a through = 2.0.13...

CVE-2024-0610

The CVE-2024-0610 entry concerns the Piraeus Bank WooCommerce Payment Gateway for WordPress. A time-based blind SQL Injection exists in the MerchantReference parameter across all versions up to and including 1.6.5.1, caused by insufficient escaping of user input and inadequate preparation of the ...