The Paytm Payment Gateway plugin for WordPress has a security problem that allows people with certain levels of access (editors and above) to take information from the website’s database. This is caused by the plugin not preventing the user from adding extra code to the ‘post’ parameter in versions up to 2.7.3. This extra code can be used to get information from the database
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
