22 matches found
CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...
WordPress plugin Contact Form 7 – PayPal & Stripe Add-on data forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.4.9 - Unauthenticated Payment Bypass vulnerability
Unauthenticated Payment Bypass vulnerability discovered by Stranger825 in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions <= 2.4.9...
EUVD-2015-9214
Malware in sbrugna...
EUVD-2024-26168
Malicious code in bioql PyPI...
EUVD-2023-28461
Malicious code in bioql PyPI...
EUVD-2025-13809
Malicious code in bioql PyPI...
CVE-2023-24405
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions...
CVE-2015-9374
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2025-47518
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on contact-form-7-paypal-add-on allows Stored XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through <= 2.3.4...
CVE-2024-48021
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on contact-form-7-paypal-add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through <= 2.3...
CVE-2024-10683
CVE-2024-10683 affects the WordPress plugin Contact Form 7 – PayPal & Stripe Add-on, due to unsafe use of add_query_arg/remove_query_arg without proper escaping. The issue is Reflected XSS, exploitable by unauthenticated actors who can trick a user into clicking a manipulated link, with exploitat...
WordPress Contact Form 7 - PayPal & Stripe Add-on plugin <= 2.3.1 - Reflected Cross-Site Scripting vulnerability
WordPress Contact Form 7 - PayPal & Stripe Add-on plugin <= 2.3.1 - Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions <= 2.3.1...
CVE-2024-48021
CVE-2024-48021 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Contact Form 7 – PayPal & Stripe Add-on, affecting versions up to 2.3. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. PatchStack and Red H...
CVE-2024-29130
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0...
WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Form 7 – PayPal & Stripe Add-on; Type: Plugin; Vulnerable versions: <= 1.9.3; Fixed in: 1.9.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24405; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 071c0edcb7eb...