Vulnerabilities and security researches forwoocommerce-product-payments woocommerce-product-payments

Jun 07, 2024

CVE, Research URL: 2f99ebc801ee2d4a7bbb3fbbc5165e2f25bbaf9a
Home page URL: Security reports for Payment gateway per Product for WooCommerce
Application: Payment gateway per Product for WooCommerce
Date: Feb 28, 2022
Research Description: Payment gateway per Product for WooCommerce [woocommerce-product-payments] < 3.2.8 WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin < 3.1.6 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin (versions < 3.1.6).
Affected versions: max 3.2.8.
Status: vulnerable

CVE, Research URL: CVE-2023-44144
Home page URL: Security reports for Payment gateway per Product for WooCommerce
Application: Payment gateway per Product for WooCommerce
Date: Oct 02, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions.
Affected versions: max 3.2.8.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Payment gateway per Product for WooCommerce
Application: Payment gateway per Product for WooCommerce
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 3.1.6.
Status: vulnerable

Dec 18, 2024

CVE, Research URL: CVE-2024-55996
Home page URL: Security reports for Payment gateway per Product for WooCommerce
Application: Payment gateway per Product for WooCommerce
Date: Dec 16, 2024
Research Description: Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6.
Affected versions: max 3.5.6.
Status: vulnerable