106 matches found
PT-2024-38638 · WordPress · Misiek Paypal Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Misiek Paypal WordPress plugin versions through 1.1.20090324 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...
CVE-2024-6021
The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability...
WordPress plugin Donation Block For PayPal 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-36344 · WordPress · Paypal Pay Now
Name of the Vulnerable Software and Affected Versions: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin, which does not properly...
CVE-2024-3065
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress plugin Easy Accept Payments via PayPal 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
CVE-2023-0535
The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
Cross site scripting
The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress Plugin PayPal 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-0275
The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
nemo-appium 安全漏洞
nemo-appium is an open source plugin for PayPal. It is used to start the appium server during Nemo startup and terminate it at driver time. A security vulnerability exists in versions prior to nemo-appium 0.0.9, which stems from improper cleaning of user input...
Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wppaypalpaymentboxforanyamount...
WordPress Checkout for PayPal plugin <= 1.0.13 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Checkout for PayPal plugin versions = 1.0.13. Solution Update the WordPress Checkout for PayPal plugin to the latest available version at least 1.0.14...
Sylius Information Disclosure Vulnerability
Sylius is a set of open source e-commerce platform based on the Symfony framework from the Polish company Sylius. sylius paypal-plugin is vulnerable to an information disclosure vulnerability, which could lead to the exposure of personally identifiable information. No details of the vulnerability...
GHSA-25FX-MXC2-76G7 Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
Impact URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to access for anyone, not even the order's customer. The problem was, the Credit card form has prefilled "credit card holder" field with the Customer's firs...
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
Impact URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to access for anyone, not even the order's customer. The problem was, the Credit card form has prefilled "credit card holder" field with the Customer's firs...
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
CVE-2021-41120 Unauthorized access to Credit card form in sylius/paypal-plugin
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
Sylius 信息泄露漏洞
Sylius is a set of open source e-commerce platform based on the Symfony framework from the Polish company Sylius. sylius paypal-plugin is vulnerable to an information disclosure vulnerability, which could lead to the exposure of personally identifiable information. No details of the vulnerability...