CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31022 – WordPress PayU India plugin < 3.8.8 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2025-31022
05 Jun 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India allows Authentication Abuse. This issue affects PayU India: from n/a through 3.8.5. Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU PayU India allows Authentication Abuse.This issue affects PayU India: from n/a before 3.8.8. The PayU CommercePro Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.8.7. This is due to the plugin n... • https://patchstack.com/database/wordpress/plugin/payu-india/vulnerability/wordpress-payu-india-plugin-3-8-5-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27193 – WordPress PayU India plugin <= 3.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27193
26 Feb 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU PayU India allows Reflected XSS.This issue affects PayU India: from n/a through 3.8.2. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en PayU PayU India permite Reflected XSS. Este problema afecta a PayU India: desde n/a hasta 3.8.2. The PayU India plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ty... • https://patchstack.com/database/vulnerability/payu-india/wordpress-payu-india-plugin-3-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •