
33 matches found

RedhatCVE
added 2026/03/26 3:17 p.m., 2 views

CVE-2026-32387

Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout for PayPal: from n/a through <= 1.0.46...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 1
EUVD
added 2026/03/13 9:31 p.m., 2 views

EUVD-2026-11895

Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout for PayPal: from n/a through <= 1.0.46...

AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 2
Vulnrichment
added 2026/03/13 11:42 a.m., 1 view

CVE-2026-32387 WordPress Checkout for PayPal plugin <= 1.0.46 - Broken Access Control vulnerability

Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout for PayPal: from n/a through <= 1.0.46...

AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 1
Positive Technologies
added 2026/03/13 12:0 a.m., 3 views

PT-2026-25234

Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout for PayPal: from n/a through <= 1.0.46...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 4
ATTACKERKB
added 2026/01/17 3:24 a.m., 2 views

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

CVSS: 5.3, AI score: 5.6, EPSS: 0.00393
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-7157

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00324
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-11318

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00883
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 11:23 p.m., 1 view

CVE-2022-3983

The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVSS: 5.4, AI score: 4.4, EPSS: 0.00181
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 8:9 a.m., 4 views

CVE-2019-14979

cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the...

CVSS: 5.3, AI score: 7, EPSS: 0.00213
Exploits: 1, References: 1
NVD
added 2025/04/16 1:15 p.m., 5 views

CVE-2025-39572

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through <= 1.0.38...

CVSS: 6.5, EPSS: 0.00883
Exploits: 0, References: 1
CVE
added 2025/04/16 12:44 p.m., 47 views

CVE-2025-39572

CVE-2025-39572 : Stored XSS in WordPress plugin “Checkout for PayPal” (Noor Alam) due to improper neutralization of input during web page generation. Affected versions: Checkout for PayPal from n/a through 1.0.38. Root cause: input handling flaw that allows arbitrary script injection into generat...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00883
Exploits: 0, References: 1
OSV
added 2025/03/19 4:46 p.m., 6 views

GHSA-HXG4-65P5-9W37 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

A discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal transaction from a product page or the cart page and then returns to the order summary page, they can still manipulate the car...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00324
Exploits: 0, References: 4
GitHub Security Blog
added 2025/03/19 4:46 p.m., 37 views

Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

A discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal transaction from a product page or the cart page and then returns to the order summary page, they can still manipulate the car...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00324
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2025/03/19 3:57 p.m., 22 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

CVSS: 6.5, EPSS: 0.00324
Exploits: 0, References: 2
Vulnrichment
added 2025/03/19 3:57 p.m., 10 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00324
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/02/28 4:25 p.m., 2 views

Malicious code in paypal-checkout-integration-backend-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8978fb3635d1339256e1aa90eab3f76ba33bad36f9a2ffd70d1f6fc7d60ccca8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1
OSV
added 2025/02/28 4:25 p.m., 2 views

MAL-2025-1619 Malicious code in paypal-checkout-integration-backend-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8978fb3635d1339256e1aa90eab3f76ba33bad36f9a2ffd70d1f6fc7d60ccca8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
OSV
added 2025/01/31 3:1 a.m., 0 views

MAL-2025-745 Malicious code in nodejs-paypal-checkout-demo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909c8505097e7b62c38bde6c75bb0ba8516f566136ec093b913944bcbdd1130e Any computer that has this package installed or running should be considered...

AI score: 5.9
Exploits: 0, References: 4
OSSF Malicious Packages
added 2025/01/31 3:1 a.m., 2 views

Malicious code in nodejs-paypal-checkout-demo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909c8505097e7b62c38bde6c75bb0ba8516f566136ec093b913944bcbdd1130e Any computer that has this package installed or running should be considered...

AI score: 6.8
Exploits: 0, References: 4
Veracode
added 2023/02/09 1:12 p.m., 20 views

Insufficient Verification Of Data Authenticity

swag/paypal is vulnerable to Insufficient Verification Of Data Authenticity. When the JavaScript-based PayPal checkout methods PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card are used the amount and item list sent to PayPal may not be identical to the one in the created...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00108
Exploits: 0, References: 5, Affected Software: 1