Skip to main content

Wp Easypay

7 CVEs product

Monthly

CVE-2026-56024 MEDIUM This Month

Cross-site request forgery in the WP EasyPay WordPress plugin (versions through 4.4.0) enables remote attackers to perform unauthorized administrative actions by tricking an authenticated WordPress administrator into visiting a maliciously crafted page. Missing or insufficient nonce verification on one or more plugin endpoints allows the attacker's forged request to be processed as a legitimate action using the victim's active session. No public exploit code and no CISA KEV listing are present at time of analysis.

CSRF Wp Easypay
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-45215 MEDIUM This Month

WP EasyPay plugin through version 4.3.0 exposes sensitive information in sent data, allowing unauthenticated remote attackers to retrieve embedded data without user interaction. The vulnerability stems from improper handling of sensitive data during transmission, classified as an information disclosure issue with a CVSS score of 5.3 (network-accessible, low complexity). No active exploitation has been confirmed in CISA KEV at the time of analysis.

Information Disclosure Wp Easypay
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32587 MEDIUM This Month

WP EasyPay versions up to 4.2.11 contain an authorization bypass that allows authenticated users to modify plugin settings and functionality beyond their intended access level. An attacker with valid credentials could exploit improperly configured access controls to perform unauthorized actions such as disabling security features or altering payment processing configurations. No patch is currently available for this vulnerability.

Authentication Bypass Wp Easypay
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-5861 MEDIUM PATCH This Month

The WP EasyPay - Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Easypay
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1465 MEDIUM POC This Month

The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Easypay
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-4411 MEDIUM PATCH This Month

The WP EasyPay - Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easypay
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47177 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay - Square for WordPress plugin <= 4.1 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Easypay
NVD
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Cross-site request forgery in the WP EasyPay WordPress plugin (versions through 4.4.0) enables remote attackers to perform unauthorized administrative actions by tricking an authenticated WordPress administrator into visiting a maliciously crafted page. Missing or insufficient nonce verification on one or more plugin endpoints allows the attacker's forged request to be processed as a legitimate action using the victim's active session. No public exploit code and no CISA KEV listing are present at time of analysis.

CSRF Wp Easypay
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

WP EasyPay plugin through version 4.3.0 exposes sensitive information in sent data, allowing unauthenticated remote attackers to retrieve embedded data without user interaction. The vulnerability stems from improper handling of sensitive data during transmission, classified as an information disclosure issue with a CVSS score of 5.3 (network-accessible, low complexity). No active exploitation has been confirmed in CISA KEV at the time of analysis.

Information Disclosure Wp Easypay
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

WP EasyPay versions up to 4.2.11 contain an authorization bypass that allows authenticated users to modify plugin settings and functionality beyond their intended access level. An attacker with valid credentials could exploit improperly configured access controls to perform unauthorized actions such as disabling security features or altering payment processing configurations. No patch is currently available for this vulnerability.

Authentication Bypass Wp Easypay
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The WP EasyPay - Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Easypay
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Easypay
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The WP EasyPay - Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easypay
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay - Square for WordPress plugin <= 4.1 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Easypay
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy