CVE-2024-5861
- EPSS 0.32%
- Veröffentlicht 24.07.2024 04:15:04
- Zuletzt bearbeitet 21.11.2024 09:48:29
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possibl...
CVE-2023-1465
- EPSS 0.1%
- Veröffentlicht 16.08.2023 12:15:12
- Zuletzt bearbeitet 05.05.2025 16:15:28
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin
CVE-2021-4411
- EPSS 0.11%
- Veröffentlicht 12.07.2023 04:15:10
- Zuletzt bearbeitet 21.11.2024 06:37:39
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function....
CVE-2022-47177
- EPSS 0.08%
- Veröffentlicht 25.05.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:31:38
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.