18 matches found
EUVD-2004-2239
Malware in sbrugna...
EUVD-2021-11390
Malware in sbrugna...
EUVD-2022-39001
Malicious code in bioql PyPI...
CVE-2021-24478
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2004-2247
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors...
CVE-2022-36284
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin free should be at least installed to get the extra input field on the user profile page...
Design/Logic Flaw
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin free should be at least installed to get the extra input field on the user profile page...
CVE-2022-36284 WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin free should be at least installed to get the extra input field on the user profile page...
WordPress plugin StoreApps Affiliate For WooCommerce premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-23290 · Storeapps · Storeapps Affiliate For Woocommerce
Name of the Vulnerable Software and Affected Versions: StoreApps Affiliate For WooCommerce premium plugin versions <= 4.7.0. Description: The issue allows an attacker to change the PayPal email due to an authenticated IDOR vulnerability. This can be exploited when the WooCommerce PayPal Payments...
Cross site scripting
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue. PoC: Add the following payload in the "Paypal email address" setting of the plugin (/wp-admin/admin.php?page=bookshelf-settings): ...
Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue. Add the following payload in the "Paypal email address" setting of the plugin (/wp-admin/admin.php?page=bookshelf-settings):...
Leaky database exposes fake Amazon product reviews scam
By Deeba Ahmed. The database contained 7GB worth of data, including fake Amazon reviews and PayPal email addresses of scammers, among other sensitive data. This is a post from HackRead.com. Read the original post: Leaky database exposes fake Amazon product reviews scam...
PayPal: Token leak in security challenge flow allows retrieving victim's PayPal email and plain text password
A bug was identified whereby sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation. In certain cases, a user must solve a CAPTCHA challenge after authenticating. When the security challenge is completed, the authentication request is replayed to log in. The...