cleantalk
Vulnerabilities and Security Researches

Premium Packages – Sell Digital Products Securely, CVE-2024-7386

CVE, Research URL

CVE-2024-7386

Home page URL

Security reports for Premium Packages – Sell Digital Products Securely

Application

Premium Packages – Sell Digital Products Securely

Published on
Sep 25, 2024
Research Description
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.
Affected versions
Min -, max 5.9.2.
Status
vulnerable
Previous vulnerability researches
Premium Packages – Sell Digital Products Securely (CVE-2024-10164) , Nov 23, 2024
Premium Packages – Sell Digital Products Securely (CVE-2024-11225) , May 06, 2025
Premium Packages – Sell Digital Products Securely (CVE-2024-7386) , Sep 26, 2024
Premium Packages – Sell Digital Products Securely (CVE-2025-24659) , Jan 26, 2025
Premium Packages – Sell Digital Products Securely (CVE-2024-52435) , Nov 19, 2024
New vulnerability
Product Category Slider for WooCommerce (CVE-2025-39364) , May 07, 2025
Total Donations (CVE-2025-43837) , May 07, 2025
Syndicate Out (CVE-2025-43836) , May 07, 2025
Relevanssi – A Better Search (CVE-2025-4054) , May 07, 2025
Meta Keywords & Description (CVE-2025-46454) , May 07, 2025