Lucene search
+L

106 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.4 views

CVE-2023-0535

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.1AI score0.00466EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.13 views

CVE-2021-24570

The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of t...

4.3CVSS5.9AI score0.00487EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.10 views

CVE-2021-24989

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog...

6.5CVSS6.8AI score0.00538EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.11 views

CVE-2021-24815

The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00598EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:21 p.m.9 views

CVE-2021-24572

The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could...

4.3CVSS6.6AI score0.00453EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/07 2:20 p.m.8 views

CVE-2025-47517 WordPress Accept Donations with PayPal plugin <= 1.4.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5...

7.1CVSS6.8AI score0.00131EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/24 3:55 a.m.12 views

Cart Manipulation

sylius/paypal-plugin is vulnerable to cart manipulation. The vulnerability is due to improper order validation and enforcement after PayPal payment authorization, allowing users to alter their cart contents before finalizing the order...

6.5CVSS7AI score0.00323EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/21 4:23 p.m.11 views

CVE-2025-30152

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS6.8AI score0.00323EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/21 2:32 a.m.10 views

Payment Manipulation

Sylius PayPal Plugin is vulnerable to Payment Manipulation. The vulnerability is due to PayPal not receiving updated totals after item quantity changes, allowing attackers to pay less than the actual order value, causing financial losses for merchants...

6.5CVSS6.6AI score0.00464EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2025/03/19 4:42 p.m.7 views

External Control of Assumed-Immutable Web Parameter

Overview sylius/paypal-plugin is a PayPal plugin for Sylius. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter. The user-input payment amount is not adequately confirmed to be the same between payment completion and order authorization, in...

7.1CVSS6.9AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2025/03/19 4:15 p.m.10 views

CVE-2025-30152

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/19 3:57 p.m.11 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS6.2AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/19 3:57 p.m.32 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS0.00323EPSS
Exploits0References2
CVE
CVE
added 2025/03/19 3:57 p.m.107 views

CVE-2025-30152

CVE-2025-30152 : The Sylius PayPal Plugin (for PayPal Commerce) has an order manipulation vulnerability after PayPal Checkout. Before versions 1.6.2, 1.7.2, and 2.0.2, a user can return to the order summary page and modify the cart contents, potentially causing the merchant to receive less paymen...

6.5CVSS6.2AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2025/03/19 3:57 p.m.11 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS6.4AI score0.00323EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/19 2:27 p.m.12 views

CVE-2025-29788

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS6.7AI score0.00464EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.8 views

PayPal Plugin 安全漏洞

PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.2, prior to 1.7.2, and prior to 2.0.2, which originates from a user being able to modify the shopping cart after completing the...

6.5CVSS6.4AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2025/03/17 2:15 p.m.11 views

CVE-2025-29788

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS0.00464EPSS
Exploits0References6
Snyk
Snyk
added 2025/03/17 1:47 p.m.2 views

External Control of Assumed-Immutable Web Parameter

Overview sylius/paypal-plugin is a PayPal plugin for Sylius. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter. The user-input payment amount is not adequately confirmed to be the same between initial entry and payment completion, in...

7.1CVSS6.9AI score0.00464EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/17 1:25 p.m.23 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS0.00464EPSS
Exploits0References6
Rows per page
Query Builder