1. WBcom Credits SDK Checkout Bypass Allows Arbitrary Credit Purchases at Manipulated Prices
A critical pricing-manipulation vulnerability has been identified in the WBcom Credits SDK, exposing any consuming application to direct financial loss. The checkout endpoint at `POST /wp-json/wbcom-credits/v1/{slug}/checkout/{gateway}` accepts both `credits` and `price_cents` parameters directly from the client withou...