EUVD-2026-29457

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through = 4.3.0...

CVE-2026-32587

Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through = 4.2.11...

CVE-2026-32587

Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through = 4.2.11...

CVE-2026-32587 WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11...

PT-2026-25764

Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11...

EUVD-2022-49952

Malicious code in bioql PyPI...

CVE-2021-4411

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...

CVE-2024-5861

CVE-2024-5861 affects the WordPress plugin WP EasyPay – Square for WordPress (versions

CVE-2024-5861 WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpepsquaredisconnect function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect squar...

CVE-2024-5861 WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpepsquaredisconnect function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect squar...

WordPress WP EasyPay Plugin <= 4.2.3 is vulnerable to Broken Access Control

Software WP EasyPay Type Plugin Vulnerable versions = 4.2.3 Fixed in 4.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5861 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 60a90782a604 Credits Lucio Sá Required privilege...

CVE-2023-1465

CVE-2023-1465 affects the WordPress plugin WP EasyPay (versions before 4.1). The issue is a failure to escape generated URLs before output, causing a reflected XSS vulnerability that could be triggered against high-privilege users (e.g., admins). Public details in PatchStack and CVE sources confi...

CVE-2021-4411 WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...

CVE-2021-4411 WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...

CVE-2021-4411

CVE-2021-4411 involves the WP EasyPay – Square for WordPress plugin for WordPress, with a Cross-Site Request Forgery flaw up to version 3.2.0 caused by missing or incorrect nonce validation in the wpep_download_transaction_in_excel() function. This allows unauthenticated attackers to trigger a tr...

CVE-2022-47177 WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin = 4.1 versions...

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin PoC When there is no account connected, make a logged in admin open...

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin When there is no account connected, make a logged in admin open...

WP EasyPay < 4.1 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...