2 matches found
CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
PT-2024-38638 · WordPress · Misiek Paypal Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Misiek Paypal WordPress plugin versions through 1.1.20090324 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...