106 matches found
CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
CVE-2025-29788
CVE-2025-29788 affects the Sylius PayPal Plugin (Sylius Core Team) for PayPal Commerce. In versions prior to 1.6.1, 1.7.1, and 2.0.1, a vulnerability allows manipulating the final PayPal payment amount when a user changes the item quantity in the cart after initiating PayPal Express Checkout. Pay...
CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
PayPal Plugin 安全漏洞
PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.1, prior to 1.7.1, and prior to 2.0.1, which stems from payment amount manipulation and could lead to fraud...
CVE-2024-13560
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...
CVE-2025-1689
The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13560
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...
CVE-2024-13560 Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...
CVE-2024-13560 Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary pos...
WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin Subscriptions & Memberships for PayPal versions = 1.1.6...
CVE-2024-13758
CVE-2024-13758 involves the CP Contact Form with PayPal plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in cp_contact_form_paypal_check_init_actions(), affecting all versions up to and including 1.3.52. This allows unauth...
CVE-2024-13401
The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppaypalcheckout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2024-13398 Checkout for PayPal <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkoutforpaypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13398 Checkout for PayPal <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkoutforpaypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13401 Payment Button for PayPal <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppaypalcheckout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2024-13401
CVE-2024-13401 affects the WordPress PayPal Payment Button plugin up to version 1.2.3.35. The vulnerability is a Stored XSS in the wp_paypal_checkout shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access at ...
CVE-2025-22525
CVE-2025-22525 affects the Donation Block For PayPal WordPress plugin. It is described as an stored XSS vulnerability (Cross-site Scripting) due to improper neutralization of input during web page generation, impacting Donation Block For PayPal versions up to 2.2.0. The connected Red Hat/Wordfenc...
CVE-2025-22525 WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bharatkambariya Donation Block For PayPal allows Stored XSS.This issue affects Donation Block For PayPal: from n/a through 2.2.0...
WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin Donation Block For PayPal versions = 2.2.0...
CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...