4 matches found
CVE-2025-13966
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttomimage' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2025-202977
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttomimage' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13966 Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttomimage' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-50836
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttom image' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...