Micropayments Security Vulnerabilities and Issues — Micropayments CVE List

Lucene search

VideowhisperMicropayments

4 matches found

CVE•added 2022/04/20 2:15 a.m.•85 views

CVE-2022-27629

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.

8.8CVSS8.8AI score0.00135EPSS

CVE•added 2025/03/26 3:16 p.m.•41 views

CVE-2025-26579

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper MicroPayments allows Reflected XSS. This issue affects MicroPayments: from n/a through 3.1.6.

7.1CVSS9.5AI score0.00045EPSS

CVE•added 2025/03/28 10:15 a.m.•35 views

CVE-2025-31075

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29.

6.5CVSS6.8AI score0.00029EPSS

CVE•added 2025/06/28 8:15 a.m.•10 views

CVE-2025-5937

The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possi...

4.3CVSS6.1AI score0.00016EPSS