paytium CVE Vulnerabilities & Metrics

Focus on paytium vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About paytium Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with paytium. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total paytium CVEs: 10
Earliest CVE date: 26 Dec 2022, 13:15 UTC
Latest CVE date: 16 Oct 2024, 07:15 UTC

Latest CVE reference: CVE-2023-7294

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 9

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical paytium CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	10
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS paytium CVEs

These are the five CVEs with the highest CVSS scores for paytium, sorted by severity first and recency.

CVE-2023-7294 paytium Published on 16 Oct 2024, 07:15 UTC (CVSS: 0)
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile.
CVE-2023-7293 paytium Published on 16 Oct 2024, 07:15 UTC (CVSS: 0)
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account.
CVE-2023-7292 paytium Published on 16 Oct 2024, 07:15 UTC (CVSS: 0)
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices.
CVE-2023-7291 paytium Published on 16 Oct 2024, 07:15 UTC (CVSS: 0)
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account.
CVE-2023-7290 paytium Published on 16 Oct 2024, 07:15 UTC (CVSS: 0)
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses.

All CVEs for paytium

CVE-2023-7294 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile.

CVE-2023-7293 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account.

CVE-2023-7292 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices.

CVE-2023-7291 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account.

CVE-2023-7290 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses.

CVE-2023-7289 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys.

CVE-2023-7288 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings.

CVE-2023-7287 paytium vulnerability CVSS: 0 16 Oct 2024, 07:15 UTC

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin.

CVE-2024-25099 paytium vulnerability CVSS: 0 13 Mar 2024, 16:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2.

CVE-2022-4042 paytium vulnerability CVSS: 0 26 Dec 2022, 13:15 UTC

The Paytium: Mollie payment forms & donations WordPress plugin before 4.3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).