Lucene search
K

18 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WordPress plugin Contact Form 7 – PayPal & Stripe Add-on 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 6:26 a.m.6 views

CVE-2024-10683

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers...

6.1CVSS6.4AI score0.00368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:54 a.m.8 views

CVE-2023-24405

Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin = 1.9.3 versions...

8.8CVSS7.1AI score0.00303EPSS
Exploits0References1
OSV
OSV
added 2024/11/09 7:15 a.m.7 views

CVE-2024-10683

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers...

6.1CVSS6AI score0.00368EPSS
Exploits0References4
CVE
CVE
added 2024/11/09 6:41 a.m.49 views

CVE-2024-10683

CVE-2024-10683 affects the WordPress plugin Contact Form 7 – PayPal & Stripe Add-on, due to unsafe use of add_query_arg/remove_query_arg without proper escaping. The issue is Reflected XSS, exploitable by unauthenticated actors who can trick a user into clicking a manipulated link, with exploitat...

6.1CVSS6AI score0.00368EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/11/09 12:0 a.m.11 views

WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 – PayPal & Stripe Add-on Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10683 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 86607dd77930...

6.1CVSS5.6AI score0.00368EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/17 12:29 p.m.12 views

CVE-2024-48021 WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.3...

7.1CVSS7AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 12:29 p.m.48 views

CVE-2024-48021

CVE-2024-48021 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Contact Form 7 – PayPal & Stripe Add-on, affecting versions up to 2.3. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. PatchStack and Red H...

7.1CVSS5.9AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2024/03/19 2:15 p.m.19 views

CVE-2024-29130

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0...

7.1CVSS6.9AI score0.00398EPSS
Exploits0References1
OSV
OSV
added 2024/03/19 2:15 p.m.5 views

CVE-2024-29130

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0...

6.1CVSS7.3AI score0.00398EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.8 views

PT-2024-22752 · Unknown · Contact Form 7 – Paypal & Stripe Add-On

Name of the Vulnerable Software and Affected Versions: Contact Form 7 – PayPal & Stripe Add-on versions n/a through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...

7.1CVSS9.4AI score0.00398EPSS
Exploits0References4
OSV
OSV
added 2024/02/28 5:15 p.m.1 views

CVE-2023-51683

Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1...

8.8CVSS7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.4 views

PT-2024-14241 · Unknown · Easy Paypal & Stripe Buy Now Button

Name of the Vulnerable Software and Affected Versions: Easy PayPal & Stripe Buy Now Button versions 1.8.1 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Easy PayPal & Stripe Buy Now Button. This issue allows for malicious requests to be made on behalf of the user...

8.8CVSS9.4AI score0.00221EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.13 views

Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update

Description The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validati...

4.3CVSS6.4AI score0.00297EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/07/10 4:15 p.m.20 views

CVE-2023-24405

Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin = 1.9.3 versions...

8.8CVSS6.5AI score0.00303EPSS
Exploits0References1
OSV
OSV
added 2023/07/10 4:15 p.m.4 views

CVE-2023-24405

Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin = 1.9.3 versions...

8.8CVSS7.3AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.6 views

Wordpress Plugin Contact Form 7 – PayPal & Stripe Add-on 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS7.9AI score0.00303EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/03/17 12:0 a.m.13 views

WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Form 7 – PayPal & Stripe Add-on Type Plugin Vulnerable versions = 1.9.3 Fixed in 1.9.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-24405 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 071c0edcb7eb...

8.8CVSS6.6AI score0.00303EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder