Skip to main content

Mycryptocheckout

3 CVEs product

Monthly

CVE-2026-45209 HIGH This Week

Information disclosure in the MyCryptoCheckout WordPress plugin (versions up to and including 2.161) allows remote unauthenticated attackers to access protected data due to a missing authorization check. The flaw stems from incorrectly configured access control security levels, enabling exploitation over the network without privileges or user interaction. No public exploit identified at time of analysis, and EPSS scoring (0.03%, 9th percentile) suggests low near-term exploitation likelihood.

Authentication Bypass Mycryptocheckout
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-41693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycryptocheckout
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-1546 MEDIUM POC This Month

The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mycryptocheckout
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in the MyCryptoCheckout WordPress plugin (versions up to and including 2.161) allows remote unauthenticated attackers to access protected data due to a missing authorization check. The flaw stems from incorrectly configured access control security levels, enabling exploitation over the network without privileges or user interaction. No public exploit identified at time of analysis, and EPSS scoring (0.03%, 9th percentile) suggests low near-term exploitation likelihood.

Authentication Bypass Mycryptocheckout
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycryptocheckout
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mycryptocheckout
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy