paymenter/paymenter
php · paymenter/paymenter · Heads-up
paymenter/paymenter: PayPal webhook endpoint vulnerable to SSRF via unvalidated PAYPAL-CERT-URL header
The PayPal webhook endpoint `/extensions/paypal/webhook` now processes the `PAYPAL-CERT-URL` HTTP header without validation, allow
23 Jun 2026 · schedule it
php · paymenter/paymenter · Heads-up
paymenter/paymenter: Email update fails to reset verification status
Email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a
23 Jun 2026 · schedule it
php · paymenter/paymenter · Heads-up
paymenter/paymenter: Missing ownership validation in ticket creation endpoint
The ticket creation endpoint no longer accepts a user-supplied service identifier without enforcing ownership validation.
23 Jun 2026 · schedule it
php · paymenter/paymenter · Critical
Paymenter Critical File Upload RCE in Ticket Attachments (pre-v1.2.11)
A critical vulnerability in Paymenter allows authenticated users to upload arbitrary files via ticket attachments, leading to remo
23 Jun 2026 · act now