CVE-2026-39643

CVE-2026-39643 concerns the WordPress PayPal WooCommerce plugin (pymntpl-paypal-woocommerce) with versions up to and including 2.0.13. The vulnerability is described as a Missing Authorization issue caused by incorrectly configured access control security levels (broken access control). The conne...

CVE-2026-4072 WordPress PayPal Donation <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute

The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'donate' shortcode in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'amount', 'email'...

CVE-2025-63023 WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerability

Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through = 9.0.53...

CVE-2024-13401

The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppaypalcheckout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

WordPress Easy PayPal Buy Now Button Plugin <= 1.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Easy PayPal Buy Now Button Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4628 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5be7732f69eb Credits István...