Lucene search
+L

106 matches found

Vulnrichment
Vulnrichment
added 2025/03/17 1:25 p.m.8 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS6.2AI score0.00464EPSS
Exploits0References6
CVE
CVE
added 2025/03/17 1:25 p.m.63 views

CVE-2025-29788

CVE-2025-29788 affects the Sylius PayPal Plugin (Sylius Core Team) for PayPal Commerce. In versions prior to 1.6.1, 1.7.1, and 2.0.1, a vulnerability allows manipulating the final PayPal payment amount when a user changes the item quantity in the cart after initiating PayPal Express Checkout. Pay...

6.5CVSS6.5AI score0.00464EPSS
Exploits0References6
OSV
OSV
added 2025/03/17 1:25 p.m.9 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS6.3AI score0.00464EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/03/17 12:0 a.m.3 views

PayPal Plugin 安全漏洞

PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.1, prior to 1.7.1, and prior to 2.0.1, which stems from payment amount manipulation and could lead to fraud...

6.5CVSS6.3AI score0.00464EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/28 8:26 a.m.8 views

CVE-2024-13560

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...

4.3CVSS6.5AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2025/02/27 7:15 a.m.12 views

CVE-2025-1689

The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0027EPSS
Exploits0References3
NVD
NVD
added 2025/02/26 1:15 p.m.5 views

CVE-2024-13560

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...

4.3CVSS0.00266EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/26 8:21 a.m.6 views

CVE-2024-13560 Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...

4.3CVSS4.4AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/26 8:21 a.m.12 views

CVE-2024-13560 Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...

4.3CVSS0.00266EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/25 11:36 p.m.8 views

WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin Subscriptions & Memberships for PayPal versions = 1.1.6...

4.3CVSS7AI score0.00266EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/30 8:21 a.m.70 views

CVE-2024-13758

CVE-2024-13758 involves the CP Contact Form with PayPal plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in cp_contact_form_paypal_check_init_actions(), affecting all versions up to and including 1.3.52. This allows unauth...

6.5CVSS6.1AI score0.00258EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/01/17 5:15 a.m.14 views

CVE-2024-13401

The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppaypalcheckout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS0.0034EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/01/17 4:30 a.m.4 views

CVE-2024-13398 Checkout for PayPal <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkoutforpaypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/17 4:30 a.m.18 views

CVE-2024-13398 Checkout for PayPal <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkoutforpaypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/17 4:30 a.m.20 views

CVE-2024-13401 Payment Button for PayPal <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppaypalcheckout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS0.0034EPSS
Exploits1References4
CVE
CVE
added 2025/01/17 4:30 a.m.50 views

CVE-2024-13401

CVE-2024-13401 affects the WordPress PayPal Payment Button plugin up to version 1.2.3.35. The vulnerability is a Stored XSS in the wp_paypal_checkout shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access at ...

6.4CVSS5.7AI score0.0034EPSS
Exploits1References4
CVE
CVE
added 2025/01/07 2:57 p.m.44 views

CVE-2025-22525

CVE-2025-22525 affects the Donation Block For PayPal WordPress plugin. It is described as an stored XSS vulnerability (Cross-site Scripting) due to improper neutralization of input during web page generation, impacting Donation Block For PayPal versions up to 2.2.0. The connected Red Hat/Wordfenc...

6.5CVSS7.2AI score0.00345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/07 2:57 p.m.6 views

CVE-2025-22525 WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bharatkambariya Donation Block For PayPal allows Stored XSS.This issue affects Donation Block For PayPal: from n/a through 2.2.0...

6.5CVSS6.8AI score0.00345EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/07 1:25 p.m.4 views

WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin Donation Block For PayPal versions = 2.2.0...

6.5CVSS6.1AI score0.00345EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/12 6:15 a.m.4 views

CVE-2024-7861

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
Rows per page
Query Builder