CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

EUVD•added 2026/05/29 8:28 a.m.•7 views

EUVD-2026-33265

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

5.3CVSS5.9AI score0.00044EPSS

Exploits0References8

OSV•added 2026/04/08 12:8 a.m.•3 views

GHSA-MMW7-WQ3C-WF9P WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

Summary The PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions. The newer ipnV2.php and webhook.php handlers correctly deduplicate...

6.5CVSS5.9AI score0.00018EPSS

Exploits0References4

NVD•added 2026/04/07 8:16 p.m.•0 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS0.00018EPSS

Exploits0References2

RedhatCVE•added 2026/02/19 1:29 p.m.•3 views

CVE-2025-14444

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'processpaypalsdkpayment' function in all versions up to, and including, 6.0.6.9. This is...

5.3CVSS5.7AI score0.00012EPSS

Exploits0References1

ATTACKERKB•added 2026/02/18 10:20 a.m.•3 views

CVE-2025-14444

5.3CVSS5.7AI score0.00012EPSS

Exploits0References6

RedhatCVE•added 2025/12/13 3:59 a.m.•2 views

CVE-2025-13966

The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttomimage' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00041EPSS

Exploits0References1

Vulnrichment•added 2025/12/12 3:20 a.m.•1 views

CVE-2025-13966 Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute

6.4CVSS4.8AI score0.00041EPSS

Exploits0References5

CVE•added 2025/12/12 3:20 a.m.•10 views

CVE-2025-13966

CVE-2025-13966 : The Paypal Payment Shortcode plugin for WordPress is vulnerable to a stored XSS via the buttom_image parameter in the [paypal-shortcode] shortcode, affecting all versions up to 1.01. The Wordfence Vulnerability DB notes that this requires Contributor+ access and that a patch is n...

6.4CVSS4.8AI score0.00041EPSS

Exploits0References5

CNNVD•added 2025/12/12 12:0 a.m.•1 views

WordPress plugin Paypal Payment Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00041EPSS

Exploits0References5

Patchstack•added 2025/12/11 8:53 p.m.•3 views

WordPress Paypal Payment Shortcode plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttomimage' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Paypal Payment Shortcode versions = 1.01...

6.4CVSS5.6AI score0.00041EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-34551