CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4118 – Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-4118
17 Apr 2023 — The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users The Bitcoin / AltCoin Payment Gateway for WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... • https://wpscan.com/vulnerability/2839ff82-7d37-4392-8fa3-d490680d42c4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24679 – Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24679
06 Sep 2021 — The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue El plugin Bitcoin / AltCoin Payment Gateway for WooCommerce de WordPress versiones anteriores a 1.6.1, no escapa del parámetro GET "s" antes de devolverlo a la página All Masking Rules, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/7c6c0aac-1733-4abc-8e95-05416636a127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •