19 matches found
CVE-2025-13384 CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...
EUVD-2025-34788
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice...
EUVD-2021-2588
Malware in sbrugna...
EUVD-2024-34559
Malicious code in bioql PyPI...
EUVD-2024-34561
Malicious code in bioql PyPI...
EUVD-2025-2804
Malicious code in bioql PyPI...
CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2011-5237
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2025-39572
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through <= 1.0.38...
CVE-2024-13560
The CVE (CVE-2024-13560) affects the WordPress plugin Subscriptions & Memberships for PayPal up to version 1.1.6 and is caused by missing or incorrect nonce validation, enabling Cross-Site Request Forgery that allows an attacker to delete arbitrary posts via forged requests if a site admin is tri...
CVE-2024-33971
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter...
CVE-2024-33959
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in...
CVE-2024-33973
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in...
CVE-2024-33974
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Users' in '/report/printlogs.php'...
PT-2024-25606 · Paypal · Paypal
Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server. This can lead to the retrieval of all information...
CVE-2017-6213
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution...
PayPal Bug Bounty Filter Bypass Vulnerability
PayPal is an e-commerce application that provides online payment and money transaction services. A filter bypass vulnerability exists in PayPal. A remote attacker is able to inject malicious script code into some email headers...
Flaw Lets Attackers Bypass PayPal Two-Factor Authentication
There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim’s account to any recipient he chooses. The flaw lies in the way that the PayPal...
PayPal vulnerability : Hack any Paypal account within 30 seconds
UPDATE : This has been debunked, Paypal accounts are safe. https://thenextweb.com have spoken in depth to Matt Langley, the person who discovered the supposed issue, and it's clear why he assumed there was a serious security breach...