Current as of: May 15, 2026, 16:05:51 | Entries count: 31

| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| | vulnerable | Jun 07, 2024, 08:06:43 | Min - / Max 1.4 | Elite crypto checkout [elite-crypto-checkout] <= 1.4 (unfixed). WordPress Elite crypto checkout Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS). No patched version available. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Elite crypto checkout Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit ... |
| | vulnerable | Jan 28, 2026, 01:01:34 | Min - / Max 1.0.2 | The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scs_backend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
| | Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO (vulnerable) | Dec 11, 2025, 16:12:56 | Min - / Max 2.4.6 | The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to manipulate presales counters. |
| | Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO (vulnerable) | Dec 11, 2025, 16:12:56 | Min - / Max 2.4.6 | The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the WordPress option `tokenico_deployed_contracts`, poisoning the smart contract addresses displayed. |
| | Cryptocurrency Product for WooCommerce (vulnerable) | Jun 07, 2024, 00:06:29 | Min - / Max 3.14.6 | Cryptocurrency Product for WooCommerce [cryptocurrency-product-for-woocommerce] < 3.14.6. WordPress Cryptocurrency Product for WooCommerce plugin <= 3.14.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability. Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Cryptocurrency Product for WooCommerce plugin (versions <= 3.14.0). |
| | Cryptocurrency Product for WooCommerce (vulnerable) | Nov 15, 2024, 18:11:09 | Min - / Max 3.14.6 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. |
| | vulnerable | Oct 30, 2024, 14:10:10 | Min - / Max 2.16 | The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
| | vulnerable | May 07, 2025, 01:05:17 | Min - / Max 2.19 | The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. |
| | vulnerable | May 07, 2025, 01:05:17 | Min - / Max 2.20 | The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. |
| | vulnerable | Dec 11, 2025, 09:12:50 | Min - / Max 2.22 | The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the crypto_delete_json method with only a publicly-available nonce check. This makes it possible for unauthenticated attackers to delete specific JSON files matching the pattern `*_pending.json` within the wp-content/uploads/yak/ directory, causing data... |
| | vulnerable | Dec 11, 2025, 09:12:50 | Min - / Max 2.22 | The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the register and savenft methods with only a publicly-available nonce check and no wallet signature verification. This makes it possible for unauthenticated attackers to set a site-wide global authentication state via a single transient, bypassing all access contr... |
| | CryptoCloud – Crypto Payment Gateway (vulnerable) | May 26, 2025, 09:05:38 | Min - / Max 2.1.2 | Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through 2.1.2. |
| | vulnerable | Dec 15, 2024, 11:12:34 | Min - / Max 1.2.3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.today Cryptocurrency Price Widget allows Stored XSS. This issue affects Cryptocurrency Price Widget: from n/a through 1.2.3. |
| | Cryptocurrency Payment Gateway for WooCommerce (vulnerable) | Dec 12, 2025, 13:12:17 | Min - / Max 2.0.22 | The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in all versions up to, and including, 2.0.22. This makes it possible for unauthenticated attackers to opt in and out of tracking. |
| | vulnerable | Apr 02, 2025, 12:04:05 | Min - / Max 2.0.1 | Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1. |
| | vulnerable | Jun 06, 2024, 23:06:57 | Min - / Max 2.0 | The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. |
| | vulnerable | Jun 06, 2024, 23:06:57 | Min - / Max 2.0 | Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. |
| | vulnerable | Jun 07, 2024, 04:06:18 | Min - / Max 1.9.0 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a through 1.8.4. |
| | vulnerable | Jun 07, 2024, 04:06:18 | Min - / Max 1.8.4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a through 1.8.1. |
| | vulnerable | Jun 07, 2024, 04:06:00 | Min - / Max 2.2.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7. |
| | vulnerable | Jun 07, 2024, 04:06:00 | Min - / Max 1.8 | Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free [cryptocurrency-donation-box] < 1.8. WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 1.7 - Arbitrary Plugin Installation vulnerability. Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin (versions <= 1.7). |
| | vulnerable | Apr 13, 2026, 23:04:14 | Min - / Max 2.2.13 | Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a through <= 2.2.13. |
| | Cryptocurrency Widgets For Elementor (vulnerable) | Dec 02, 2024, 21:12:32 | Min - / Max 1.6.5 | Cryptocurrency Widgets For Elementor [cryptocurrency-widgets-for-elementor] < 1.6.5. CVE-2024-53739: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4. |
| | Cryptocurrency Widgets For Elementor (vulnerable) | Jun 07, 2024, 08:06:52 | Min - / Max 1.3.1 | Cryptocurrency Widgets For Elementor [cryptocurrency-widgets-for-elementor] < 1.3.1. WordPress Cryptocurrency Widgets For Elementor plugin <=1.2.1 - Arbitrary Plugin Installation vulnerability. Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Cryptocurrency Widgets For Elementor plugin (versions <=1.2.1). |
| | MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce (vulnerable) | Jun 07, 2024, 08:06:26 | Min - / Max 2.126 | Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. |
| | MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce (vulnerable) | Jun 07, 2024, 08:06:26 | Min - / Max 2.124 | The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. |
| | Cryptocurrency Widgets – Price Ticker & Coins List (vulnerable) | Jun 06, 2024, 21:06:45 | Min - / Max 2.6.9 | Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. |
| | Cryptocurrency Widgets – Price Ticker & Coins List (vulnerable) | Jun 06, 2024, 21:06:45 | Min - / Max 2.6.6 | The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| | Cryptocurrency Widgets – Price Ticker & Coins List (vulnerable) | Jun 06, 2024, 21:06:45 | Min 2.0 / Max 2.4 | Cryptocurrency Widgets – Price Ticker & Coins List [cryptocurrency-price-ticker-widget] <= 2.4. WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.4 - Arbitrary Plugin Installation vulnerability. Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin (versions <= 2.4). |
| | Cryptocurrency Widgets – Price Ticker & Coins List (vulnerable) | Aug 20, 2024, 21:08:16 | Min - / Max 2.8.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0. |
| | Cryptocurrency Widgets – Price Ticker & Coins List (vulnerable) | Jun 10, 2024, 12:06:28 | Min 2.0 / Max 2.6.3 | Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2. |