cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12165,https://securityvulnerability.io/vulnerability/CVE-2024-12165,Reflected Cross-Site Scripting Vulnerability in Contact Form 7 Plugin,"The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Mollie For Contact Form 7,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-07T02:15:00.000Z,0
CVE-2023-7294,https://securityvulnerability.io/vulnerability/CVE-2023-7294,Unauthorized Data Modification Vulnerability in Mollie Payment Forms & Donations Plugin,"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile.",Wordpress,Paytium: Mollie Payment Forms & Donations,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-16T06:43:46.535Z,0
CVE-2023-7293,https://securityvulnerability.io/vulnerability/CVE-2023-7293,Unauthorized Access to Mollie Account Details in Paytium Plugin,"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account.",Wordpress,Paytium: Mollie Payment Forms & Donations,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T06:43:46.043Z,0
CVE-2023-7292,https://securityvulnerability.io/vulnerability/CVE-2023-7292,Unauthorized Notification Dismissal Vulnerability in Paytium Mollie Plugin,"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices.",Wordpress,Paytium: Mollie Payment Forms & Donations,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T06:43:45.569Z,0
CVE-2023-7291,https://securityvulnerability.io/vulnerability/CVE-2023-7291,Unauthorized Data Modification Vulnerability in Paytium's Mollie Plugin,"The Mollie payment forms & donations plugin by Paytium for WordPress suffers from a vulnerability that allows unauthorized modification of data. This issue stems from a lack of capability checks in the create_mollie_account function, enabling authenticated attackers with subscriber-level access to create a mollie account. This presents a significant security risk as it could lead to unauthorized changes to payment information and potentially impact financial transactions.",Wordpress,Paytium: Mollie Payment Forms & Donations,8.1,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-10-16T06:43:43.626Z,0
CVE-2023-7290,https://securityvulnerability.io/vulnerability/CVE-2023-7290,Unauthorized Access to Data Vulnerability in Mollie Plugin,"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses.",Wordpress,Paytium: Mollie Payment Forms & Donations,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T06:43:41.271Z,0
CVE-2023-7289,https://securityvulnerability.io/vulnerability/CVE-2023-7289,Unauthorized API Key Update Vulnerability in Paytium's Mollie Plugin,"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys.",Wordpress,Paytium: Mollie Payment Forms & Donations,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T06:43:39.840Z,0
CVE-2023-7288,https://securityvulnerability.io/vulnerability/CVE-2023-7288,Unauthorized Data Modification Vulnerability in Paytium's Mollie Plugin,"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings.",Wordpress,Paytium: Mollie Payment Forms & Donations,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T06:43:26.248Z,0
CVE-2023-7287,https://securityvulnerability.io/vulnerability/CVE-2023-7287,Unauthorized Subscription Cancellation Vulnerability Affects Paytium's Mollie Plugin,"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin.",Wordpress,Paytium: Mollie Payment Forms & Donations,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-10-16T06:43:24.306Z,0
CVE-2024-2368,https://securityvulnerability.io/vulnerability/CVE-2024-2368,Cross-Site Request Forgery vulnerability in Mollie Forms plugin for WordPress,"The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Mollie Forms,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-05T07:15:00.000Z,0
CVE-2024-1400,https://securityvulnerability.io/vulnerability/CVE-2024-1400,Unauthorized Post or Page Duplication Vulnerability in Mollie Forms Plugin for WordPress,"The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.",Wordpress,Mollie Forms,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-11T21:30:57.915Z,0
CVE-2024-1645,https://securityvulnerability.io/vulnerability/CVE-2024-1645,Unauthorized Access to Payment Data via Missing Capability Check in Mollie Forms Plugin,"The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.",Wordpress,Mollie Forms,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-11T21:30:57.333Z,0
CVE-2022-4042,https://securityvulnerability.io/vulnerability/CVE-2022-4042,Paytium < 4.3.7 - Admin+ Stored XSS,"The Paytium: Mollie payment forms & donations WordPress plugin before 4.3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,Paytium: Mollie Payment Forms & Donations,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-12-26T12:27:59.379Z,0