CVE-2025-5937
- EPSS 0.01%
- Veröffentlicht 28.06.2025 07:25:06
- Zuletzt bearbeitet 08.07.2025 14:46:09
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on...
CVE-2025-31075
- EPSS 0.04%
- Veröffentlicht 28.03.2025 09:39:58
- Zuletzt bearbeitet 28.03.2025 18:11:40
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29.
CVE-2025-26579
- EPSS 0.07%
- Veröffentlicht 26.03.2025 14:24:20
- Zuletzt bearbeitet 27.03.2025 16:45:27
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper MicroPayments allows Reflected XSS. This issue affects MicroPayments: from n/a through 3.1.6.
CVE-2022-27629
- EPSS 0.14%
- Veröffentlicht 20.04.2022 02:15:09
- Zuletzt bearbeitet 21.11.2024 06:56:03
Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perfo...