Lucene search
+L

106 matches found

Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.6 views

PT-2024-38638 · WordPress · Misiek Paypal Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Misiek Paypal WordPress plugin versions through 1.1.20090324 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...

6.1CVSS5.7AI score0.00177EPSS
Exploits1References6
OSV
OSV
added 2024/07/30 6:15 a.m.4 views

CVE-2024-6021

The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability...

6.8CVSS5.7AI score0.00447EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.4 views

WordPress plugin Donation Block For PayPal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.8CVSS6.7AI score0.00447EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/21 12:0 a.m.12 views

PT-2024-36344 · WordPress · Paypal Pay Now

Name of the Vulnerable Software and Affected Versions: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin, which does not properly...

5.4CVSS5.3AI score0.00319EPSS
Exploits2References7
NVD
NVD
added 2024/05/23 2:15 a.m.23 views

CVE-2024-3065

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS4.7AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.5 views

WordPress plugin Easy Accept Payments via PayPal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

7.5CVSS6.7AI score0.00469EPSS
Exploits0References2
OSV
OSV
added 2023/02/27 4:15 p.m.4 views

CVE-2023-0535

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS6.7AI score0.00466EPSS
Exploits2References1
Prion
Prion
added 2023/02/27 4:15 p.m.17 views

Cross site scripting

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

4.9CVSS5.4AI score0.00466EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.4 views

WordPress Plugin PayPal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.9AI score0.00466EPSS
Exploits2References2
OSV
OSV
added 2023/02/13 3:15 p.m.7 views

CVE-2023-0275

The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS6.1AI score0.0054EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.5 views

nemo-appium 安全漏洞

nemo-appium is an open source plugin for PayPal. It is used to start the appium server during Nemo startup and terminate it at driver time. A security vulnerability exists in versions prior to nemo-appium 0.0.9, which stems from improper cleaning of user input...

9.8CVSS8.3AI score0.02774EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.19 views

Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wppaypalpaymentboxforanyamount...

5.4CVSS5.1AI score0.0054EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/11/22 12:0 a.m.10 views

WordPress Checkout for PayPal plugin <= 1.0.13 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Checkout for PayPal plugin versions = 1.0.13. Solution Update the WordPress Checkout for PayPal plugin to the latest available version at least 1.0.14...

2.2AI score0.00471EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2021/12/01 12:0 a.m.39 views

Sylius Information Disclosure Vulnerability

Sylius is a set of open source e-commerce platform based on the Symfony framework from the Polish company Sylius. sylius paypal-plugin is vulnerable to an information disclosure vulnerability, which could lead to the exposure of personally identifiable information. No details of the vulnerability...

7.5CVSS2.8AI score0.01493EPSS
Exploits0References1
OSV
OSV
added 2021/10/06 5:49 p.m.42 views

GHSA-25FX-MXC2-76G7 Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS

Impact URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to access for anyone, not even the order's customer. The problem was, the Credit card form has prefilled "credit card holder" field with the Customer's firs...

7.5CVSS7.4AI score0.01493EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/10/06 5:49 p.m.42 views

Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS

Impact URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to access for anyone, not even the order's customer. The problem was, the Credit card form has prefilled "credit card holder" field with the Customer's firs...

7.5CVSS0.7AI score0.01493EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/10/05 9:15 p.m.30 views

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS0.01493EPSS
Exploits0References3
OSV
OSV
added 2021/10/05 9:15 p.m.14 views

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS7.4AI score
Exploits0References3
Cvelist
Cvelist
added 2021/10/05 8:35 p.m.30 views

CVE-2021-41120 Unauthorized access to Credit card form in sylius/paypal-plugin

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS7.6AI score0.01493EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.6 views

Sylius 信息泄露漏洞

Sylius is a set of open source e-commerce platform based on the Symfony framework from the Polish company Sylius. sylius paypal-plugin is vulnerable to an information disclosure vulnerability, which could lead to the exposure of personally identifiable information. No details of the vulnerability...

7.5CVSS7.3AI score0.01493EPSS
Exploits0References4
Rows per page
Query Builder