cleantalk
Vulnerabilities and Security Researches

Trust Payments Gateway for WooCommerce (JavaScript Library), 3383cbfb7fc341a0608092f0a7622aa0e5130fcd

CVE, Research URL

3383cbfb7fc341a0608092f0a7622aa0e5130fcd

Home page URL

Security reports for Trust Payments Gateway for WooCommerce (JavaScript Library)

Application

Trust Payments Gateway for WooCommerce (JavaScript Library)

Published on
Jul 26, 2022
Research Description
Trust Payments Gateway for WooCommerce (JavaScript Library) [trust-payments-gateway-3ds2] < 1.2.1 Trust Payments Gateway (3DS2) <= 1.2.0 - Cross-Site Request Forgery The Trust Payments Gateway (3DS2) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing nonce validation on the tpgw_refund_purchase() function. This makes it possible for unauthenticated attackers to refund order purchases via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Trust Payments Gateway for WooCommerce (JavaScript Library) (CVE-2025-53569) , Jul 04, 2025
Trust Payments Gateway for WooCommerce (JavaScript Library) (3383cbfb7fc341a0608092f0a7622aa0e5130fcd) , Jun 07, 2024
New vulnerability
Contact Form 7 Database Addon &#8211; CFDB7 (CVE-2025-6740) , Jul 05, 2025
Magic Buttons for Elementor (CVE-2025-6687) , Jul 05, 2025
Magic Buttons for Elementor (CVE-2025-6686) , Jul 05, 2025
WP Firebase Push Notification (CVE-2025-5924) , Jul 05, 2025
HurryTimer &#8211; An Scarcity and Urgency Countdown Timer for WordPress &amp; WooCommerce (CVE-2025-53255) , Jul 05, 2025