cleantalk
Vulnerabilities and Security Researches

WP EasyPay – Square for WordPress, CVE-2021-4411

CVE, Research URL

CVE-2021-4411

Home page URL

Security reports for WP EasyPay – Square for WordPress

Application

WP EasyPay – Square for WordPress

Published on
Jul 12, 2023
Research Description
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function. This makes it possible for unauthenticated attackers to trigger a transactions download via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.2.
Status
vulnerable
Previous vulnerability researches
WP EasyPay – Square for WordPress (CVE-2026-32587) , Mar 30, 2026
WP EasyPay – Square for WordPress (CVE-2022-4974) , Nov 15, 2024
WP EasyPay – Square for WordPress (206aa8b706721ec996e1673c01a3d16da642fd74) , Jun 07, 2024
WP EasyPay – Square for WordPress (CVE-2022-47177) , Jun 07, 2024
WP EasyPay – Square for WordPress (CVE-2021-4411) , Jun 07, 2024
New vulnerability
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026
Master Addons for Elementor (CVE-2026-32462) , Mar 30, 2026
Elementor Addon Elements (CVE-2026-28131) , Mar 30, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-32539) , Mar 30, 2026
Kargo Takip (CVE-2026-25365) , Mar 30, 2026