Lucene search

K

WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 Security Vulnerabilities

githubexploit
githubexploit

Exploit for CVE-2024-26229

CVE-2024-26229 Windows CSC服务特权提升漏洞。 ...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-16 05:06 AM
19
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-23692

Rejetto HTTP File Server (HFS) 未授权 RCE 漏洞复现 (CVE-2024-23692)...

9.8CVSS

7AI Score

0.002EPSS

2024-06-13 09:12 AM
37
wpvulndb
wpvulndb

Recurring PayPal Donations < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Recurring PayPal Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 php-cgi RCE快速检测 Usage: ```cmd python...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-12 02:16 AM
57
cve
cve

CVE-2024-35676

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 04:15 PM
22
nvd
nvd

CVE-2024-35676

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 04:15 PM
4
cvelist
cvelist

CVE-2024-35676 WordPress Recurring PayPal Donations plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 04:05 PM
1
vulnrichment
vulnrichment

CVE-2024-35676 WordPress Recurring PayPal Donations plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 04:05 PM
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577-PHP-RCE 项目简介与原理 ...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-08 01:04 PM
100
githubexploit
githubexploit

Exploit for OS Command Injection in Php

TG Join Us https://t.me/WanLiChangChengWanLiChang...

9.8CVSS

9.7AI Score

0.932EPSS

2024-06-07 05:02 PM
106
githubexploit
githubexploit

Exploit for CVE-2024-25600

TG Join Us https://t.me/WanLiChangChengWanLiChang...

10CVSS

9.7AI Score

0.001EPSS

2024-06-06 03:59 AM
126
nvd
nvd

CVE-2023-27460

Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-03 10:15 PM
cve
cve

CVE-2023-27460

Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through...

4.3CVSS

7.1AI Score

0.0004EPSS

2024-06-03 10:15 PM
17
cvelist
cvelist

CVE-2023-27460 WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability

Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-03 10:01 PM
vulnrichment
vulnrichment

CVE-2023-27460 WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability

Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-03 10:01 PM
zdt
zdt

Online Payment Hub System 1.0 SQL Injection Vulnerability

Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...

8.7AI Score

2024-06-02 12:00 AM
11
githubexploit
githubexploit

Exploit for Link Following in Git

CVE-2024-32002 漏洞概述(⚠️注意!:请不要clone此仓库!!!⚠️) 描述...

9CVSS

9.1AI Score

0.001EPSS

2024-06-01 08:19 PM
59
wpexploit
wpexploit

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7AI Score

EPSS

2024-05-31 12:00 AM
6
wpexploit
wpexploit

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.9AI Score

EPSS

2024-05-31 12:00 AM
9
packetstorm

7.4AI Score

2024-05-31 12:00 AM
29
wpvulndb
wpvulndb

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on.....

5.7AI Score

EPSS

2024-05-31 12:00 AM
wpvulndb
wpvulndb

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC The PoC will be displayed on...

5.5AI Score

EPSS

2024-05-31 12:00 AM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

9.8CVSS

9.9AI Score

0.035EPSS

2024-05-30 03:23 PM
13
githubexploit
githubexploit

Exploit for Expression Language Injection in Atlassian Confluence Data Center

confluence rce (CVE-2021-26084, CVE-2022-26134,...

7.3AI Score

2024-05-29 03:20 AM
59
securelist
securelist

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI Score

2024-05-27 01:00 PM
9
talosblog
talosblog

Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...

6.7AI Score

2024-05-23 06:00 PM
4
cve
cve

CVE-2024-3065

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS

5.7AI Score

0.0004EPSS

2024-05-23 02:15 AM
25
nvd
nvd

CVE-2024-3065

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-05-23 02:15 AM
1
cvelist
cvelist

CVE-2024-3065 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-05-23 01:56 AM
talosblog
talosblog

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...

6.5AI Score

2024-05-22 12:17 PM
8
wpvulndb
wpvulndb

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS

5.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
nvd
nvd

CVE-2024-30527

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2024-30527

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
37
cvelist
cvelist

CVE-2024-30527 WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-17 08:20 AM
githubexploit
githubexploit

Exploit for Incorrect Authorization in Vmware Spring Security

CVE-2022-22978-demo CVE-2022-22978漏洞示例代码 利用条件...

9.8CVSS

7AI Score

0.009EPSS

2024-05-17 07:26 AM
38
githubexploit
githubexploit

Exploit for CVE-2023-52654

Run file python3 CVE-2023-52654.py or sudo CVE-2023-52654.py...

7.1AI Score

0.0004EPSS

2024-05-09 08:53 PM
161
securelist
securelist

Financial cyberthreats in 2023

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...

7.3AI Score

2024-05-06 10:00 AM
16
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...

9.1AI Score

EPSS

2024-05-02 02:49 PM
47
wpvulndb
wpvulndb

Easy Accept Payments < 5.0 - Missing Authorization

Description The Easy Accept Payments via PayPal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.9.10. This makes it possible for unauthenticated attackers to perform an unauthorized...

7AI Score

0.0004EPSS

2024-05-01 12:00 AM
3
nvd
nvd

CVE-2024-33591

Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-04-29 10:15 AM
cve
cve

CVE-2024-33591

Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-04-29 10:15 AM
24
cvelist
cvelist

CVE-2024-33591 WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through...

7.5CVSS

7.8AI Score

0.0004EPSS

2024-04-29 10:10 AM
malwarebytes
malwarebytes

Ring agrees to pay $5.6 million after cameras were used to spy on customers

Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....

7.1AI Score

2024-04-25 02:05 PM
10
githubexploit
githubexploit

Exploit for Improper Ownership Management in Linux Linux Kernel

安装编译环境 ``bash sudo apt install -y gcc libfuse-dev...

7.8CVSS

6.6AI Score

0.0004EPSS

2024-04-22 11:33 PM
93
githubexploit

9.8CVSS

7AI Score

0.018EPSS

2024-04-13 02:17 AM
111
packetstorm

8.8CVSS

7.4AI Score

0.002EPSS

2024-04-12 12:00 AM
56
zdt

8.8CVSS

7.4AI Score

0.002EPSS

2024-04-12 12:00 AM
39
exploitdb

8.8CVSS

7.4AI Score

EPSS

2024-04-12 12:00 AM
46
githubexploit
githubexploit

Exploit for CVE-2024-3000

Usage python3 CVE-2024-3000.py Sudo version 1.9 and below...

7.3CVSS

7.1AI Score

0.0004EPSS

2024-04-10 11:34 PM
94
Total number of security vulnerabilities15087