84 matches found
CVE-2026-1295 Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...
CVE-2026-1295 Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...
EUVD-2026-4906
The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...
WordPress Buy Now Plus plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Buy Now Plus versions = 1.0.2...
PT-2026-5069
The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...
WordPress Plugin: Buy Now Plus – Cross-Site Script Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-11486
A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...
CVE-2025-11486
CVE-2025-11486 affects SourceCodester Farm Management System 1.0. The vulnerability is in the /buyNow.php file, where manipulation of the Name parameter enables a SQL injection. It is described as remotely exploitable, with a publicly available exploit. The Red Hat/NVD/CVE records and related fee...
CVE-2025-11486 SourceCodester Farm Management System buyNow.php sql injection
A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...
EUVD-2025-13760
Malicious code in bioql PyPI...
EUVD-2023-56383
Malicious code in bioql PyPI...
EUVD-2024-40129
Malicious code in bioql PyPI...
CVE-2024-43236
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9...
CVE-2024-1719
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...
CVE-2023-51683
Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1...
CVE-2022-4628
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2025-47623
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS.This issue affects Easy PayPal Buy Now Button: from n/a through = 2.0...
CVE-2025-47623
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS.This issue affects Easy PayPal Buy Now Button: from n/a through = 2.0...
CVE-2025-47623
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0...
WordPress Easy PayPal Buy Now Button plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Easy PayPal Buy Now Button versions = 2.0...