GCVE - cpe:2.3:a:videowhisper:micropayments:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:videowhisper:micropayments:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Videowhisper (`3fa34018-7a89-5b29-a930-e9dcfd4be8ec`)
Product	Micropayments (`fa6fc170-36f5-50c9-85ef-76c5bbf79e04`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-5937`	vulnerable	2026-06-03 15:07:55.074960	MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset MEDIUM (4.3) The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2025-06-28T07:25:06.195Z Updated: 2026-04-08T17:26:42.452Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/d80417bc-2bb2-4826-be03-796a7cd2825f?source=cve https://plugins.trac.wordpress.org/browser/paid-membership/trunk/inc/options.php#L1364 https://plugins.trac.wordpress.org/changeset/3318389/#file0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-27629`	vulnerable	2026-06-03 14:46:53.101959	Details available Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors. Published: 2022-04-20T01:05:12.000Z Updated: 2024-08-03T05:32:59.802Z Open on db.gcve.eu Reference links https://plugins.trac.wordpress.org/changeset?new=2362275%40paid-membership&old=2345274%40paid-membership https://wordpress.org/plugins/paid-membership/ https://jvn.jp/en/jp/JVN31606885/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.