CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-13652

Malicious code in bioql PyPI...

4.3CVSS6.1AI score0.00191EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-19262

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00194EPSS

Exploits0References1

RedhatCVE•added 2025/09/11 4:26 p.m.•3 views

CVE-2025-32689

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...

7.5CVSS5.9AI score0.00082EPSS

Exploits0References1

OSV•added 2025/07/02 4:15 a.m.•5 views

CVE-2025-3848

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25171. Reason: This candidate is a reservation duplicate of CVE-2025-25171. Notes: All CVE users should reference CVE-2025-25171 instead of this candidate. All references and descriptions in this candidate have been...

6.4AI score

Exploits0

Vulnrichment•added 2025/07/02 3:47 a.m.•3 views

CVE-2025-3848

...

6.4AI score

Exploits0

CVE•added 2025/07/02 3:47 a.m.•17 views

CVE-2025-3848

The WP SmartPay WordPress plugin (versions 1.1.0–2.7.13) is vulnerable to privilege escalation via account takeover due to improper validation in the update() function. An authenticated user with Subscriber level or higher can change arbitrary users’ emails (including admins) and then reset passw...

7.5AI score

Exploits0

Positive Technologies•added 2025/07/02 12:0 a.m.•0 views

PT-2025-27585 · WordPress · Wp Smartpay

Name of the Vulnerable Software and Affected Versions: WP SmartPay plugin for WordPress versions 1.1.0 through 2.7.13 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identity before updating their...

8.8CVSS6.8AI score

Exploits0References8

RedhatCVE•added 2025/06/29 12:6 p.m.•7 views

CVE-2025-25171

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through = 2.7.13...

8.8CVSS5.9AI score0.00194EPSS

Exploits0References1

NVD•added 2025/06/27 12:15 p.m.•2 views

CVE-2025-25171

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through = 2.7.13...

8.8CVSS0.00194EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•9 views

CVE-2025-25171 WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through = 2.7.13...

8.8CVSS0.00194EPSS

Exploits0References1

CVE•added 2025/06/27 11:52 a.m.•18 views

CVE-2025-25171

The CVE-2025-25171 entry concerns WordPress WP SmartPay up to version 2.7.13, where an Authentication Bypass via an alternate path or channel allows Authentication Abuse (potential account takeover). Affected component: WP SmartPay plugin; root cause described as an authentication bypass enabling...

8.8CVSS5.9AI score0.00194EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•2 views

CVE-2025-25171 WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13...

8.8CVSS7.2AI score0.00194EPSS

Exploits0References1

Positive Technologies•added 2025/06/27 12:0 a.m.•2 views

PT-2025-27083 · WordPress · Wp Smartpay

Name of the Vulnerable Software and Affected Versions: WP SmartPay versions 2.7.13 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing authentication abuse. Recommendations: For WP SmartPay versions 2.7.13 and earlier, update to a...

8.8CVSS7AI score0.00194EPSS

Exploits0References4

Vulnrichment•added 2025/05/07 1:43 a.m.•4 views

CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure

The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS4.3AI score0.00191EPSS

Exploits0References2

Positive Technologies•added 2025/05/07 12:0 a.m.•1 views

PT-2025-19907 · WordPress · Wp Smartpay

Name of the Vulnerable Software and Affected Versions: WP SmartPay plugin for WordPress versions 1.1.0 through 2.7.13 Description: The issue allows authenticated attackers with Subscriber-level access and above to view other users' data, including email addresses, names, and notes, due to missing...

4.3CVSS5.3AI score0.00191EPSS

Exploits0References7

Patchstack•added 2025/05/06 7:55 p.m.•3 views

WordPress WP SmartPay plugin 1.1.0-2.7.13 - Authenticated (Subscriber+) Information Exposure vulnerability

Authenticated Subscriber+ Information Exposure vulnerability discovered by kr0d in WordPress Plugin WP SmartPay versions 1.1.0-2.7.13...

4.3CVSS8.2AI score0.00191EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/04/10 1:27 p.m.•6 views

WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability

Price Manipulation vulnerability discovered by Abdi Pranata in WordPress Plugin WP SmartPay versions = 2.8.2...

7.5CVSS6.9AI score0.00082EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by