43 matches found
EUVD-2025-199801
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...
CVE-2025-7820 SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...
EUVD-2025-198536
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...
PT-2025-47828
Name of the Vulnerable Software and Affected Versions: CP Contact Form with PayPal plugin for WordPress versions through 1.3.56 Description: The CP Contact Form with PayPal plugin for WordPress is susceptible to unauthorized payment confirmation. The plugin exposes an unauthenticated endpoint via t...
EUVD-2019-5916
Malware in sbrugna...
EUVD-2015-9086
Malware in sbrugna...
EUVD-2019-5917
Malware in sbrugna...
EUVD-2023-31236
Malicious code in bioql PyPI...
EUVD-2022-24583
Malicious code in bioql PyPI...
EUVD-2023-0805
Malicious code in bioql PyPI...
EUVD-2022-4207
Malicious code in bioql PyPI...
WordPress Accept Donations with PayPal plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Accept Donations with PayPal plugin, which stems from the web application not adequately verifying that a...
PT-2025-20140 · WordPress · Contact Form 7 – Paypal & Stripe Add-On
Name of the Vulnerable Software and Affected Versions: Contact Form 7 – PayPal & Stripe Add-on versions through 2.3.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means an...
MAL-2025-1913 Malicious code in paypal-expanded-integration-backend-node (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-11895 Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
MAL-2025-1160 Malicious code in paypal-js-advanced-integration-ib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3b3d606a46036e08dc78fd5e2e8fe3694d1607d120c062343a2868294d3c9c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1163 Malicious code in paypal-standard-integration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45bb803ebb8e266ab790d8a7ab7ad62d31675c7ed376f7a50bb88c0110816fb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1164 Malicious code in paypal-standard-integration-react-ib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6521cab55325b37c4d38ef5d9c7136a36024b1e4615b1ef885089e708edf6376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BloodBank 1.0 Cross Site Scripting
Title: BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro /...
BloodBank 1.0 Insecure Direct Object Reference
Title: BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability | Author: indoushka | Tested on...