Lucene search
+L

106 matches found

WPVulnDB
WPVulnDB
added 2021/10/04 12:0 a.m.10 views

Easy PayPal Buy Now Button < 1.7.3 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check in place when saving its settings, and does not sanitise as well as escape them when output in the page. As a result, an attacker could make a logged in admin change them via. CSRF attack and perform Cross-Site Scripting attacks. The plugin also fixed a Reflect...

1.6AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/08/13 12:0 a.m.10 views

WordPress CP Contact Form with PayPal Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.CP Contact Form with PayPal is a Paypal payment form plugin used in it. A cross-site scripting vulnerability exists in the Publishing...

5.4CVSS6.2AI score0.00797EPSS
Exploits2References1
OSV
OSV
added 2019/08/09 1:15 p.m.7 views

CVE-2019-14785

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cpcontactformpaypal.php&pwizard=1 cpcontactformppid parameter...

5.4CVSS6.1AI score0.00797EPSS
Exploits2References2
CNVD
CNVD
added 2015/07/24 12:0 a.m.3 views

WordPress CP Contact Form with Paypal Plugin Scripting Vulnerability

WordPress is a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.CP Contact Form with Paypal is a support for adding Paypal commonly used contacts to the Worpress website plugin. WordPress CP Contact Form with Paypal...

6.9AI score
Exploits0References1
Patchstack
Patchstack
added 2015/07/13 12:0 a.m.5 views

WordPress CP Contact Form with Paypal Plugin 1.1.5 - Multiple Vulnerabilities

There are multiple vulnerabilities in this plugin, such as CSRF, XSS and SQL injection. These vulnerabilities allow an attacker to add or delete forms, export CSV files of the messages and modify settings of the form. Solution Upgrade to version 1.1.6...

4.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.18 views

paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 - XSS in ZeroClipboard

The paypal-digital-goods-monetization-powered-by-cleeng WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.8AI score0.06316EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder