106 matches found
Easy PayPal Buy Now Button < 1.7.3 - CSRF to Stored Cross-Site Scripting
The plugin does not have CSRF check in place when saving its settings, and does not sanitise as well as escape them when output in the page. As a result, an attacker could make a logged in admin change them via. CSRF attack and perform Cross-Site Scripting attacks. The plugin also fixed a Reflect...
WordPress CP Contact Form with PayPal Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.CP Contact Form with PayPal is a Paypal payment form plugin used in it. A cross-site scripting vulnerability exists in the Publishing...
CVE-2019-14785
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cpcontactformpaypal.php&pwizard=1 cpcontactformppid parameter...
WordPress CP Contact Form with Paypal Plugin Scripting Vulnerability
WordPress is a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.CP Contact Form with Paypal is a support for adding Paypal commonly used contacts to the Worpress website plugin. WordPress CP Contact Form with Paypal...
WordPress CP Contact Form with Paypal Plugin 1.1.5 - Multiple Vulnerabilities
There are multiple vulnerabilities in this plugin, such as CSRF, XSS and SQL injection. These vulnerabilities allow an attacker to add or delete forms, export CSV files of the messages and modify settings of the form. Solution Upgrade to version 1.1.6...
paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 - XSS in ZeroClipboard
The paypal-digital-goods-monetization-powered-by-cleeng WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...