What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through <= 2.0.7.
Explanation of Vulnerability in Simple Terms
02 Summary
Multi CryptoCurrency Payments versions 2.0.7 and earlier contain a SQL injection vulnerability that allows unauthenticated attackers to query the site's database without user interaction. An attacker can extract sensitive data including user credentials and payment information. The vulnerability also causes partial service disruption. Update to a version newer than 2.0.7 immediately.
What an attacker can do
03 Attacker Capabilities
Extract sensitive data from the site database, including user credentials and payment records, without authentication.
Potential impact on your site
04 Site Impact
User data and payment information exposed; site availability may be degraded; immediate patching required.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
June 9, 2025: CVE published
April 28, 2026: Record updated