The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_em
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Althoug
The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging them in
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoin
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all v
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including,
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth_
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up
The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-
The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is
The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disc
The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions
The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible Wo
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_reque
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorizat
Page 1+ Next →