84 matches found

Vulnrichment
added 2026/01/28 6:43 a.m. | 5 views

CVE-2026-1295 Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

CVSS 6.4 | AI score 6 | EPSS 0.0027
Exploits: 0 | References: 4
Cvelist
added 2026/01/28 6:43 a.m. | 34 views

CVE-2026-1295 Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.0027
Exploits: 0 | References: 4
EUVD
added 2026/01/28 6:43 a.m. | 8 views

EUVD-2026-4906

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

CVSS 6.4 | AI score 6 | EPSS 0.0027
Exploits: 0 | References: 4
Patchstack
added 2026/01/28 1:38 a.m. | 11 views

WordPress Buy Now Plus plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Buy Now Plus versions <= 1.0.2...

CVSS 6.4 | AI score 5.9 | EPSS 0.0027
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/01/28 12:00 a.m. | 11 views

PT-2026-5069

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

CVSS 6.4 | AI score 6 | EPSS 0.0027
Exploits: 0 | References: 5
CNNVD
added 2026/01/28 12:00 a.m. | 6 views

WordPress Plugin: Buy Now Plus – Cross-Site Script Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.7 | EPSS 0.0027
Exploits: 0 | References: 5
OSV
added 2025/10/08 5:15 p.m. | 5 views

CVE-2025-11486

A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...

CVSS 9.8 | AI score 5.8 | EPSS 0.00316
Exploits: 1 | References: 5
CVE
added 2025/10/08 5:02 p.m. | 14 views

CVE-2025-11486

CVE-2025-11486 affects SourceCodester Farm Management System 1.0. The vulnerability is in the /buyNow.php file, where manipulation of the Name parameter enables a SQL injection. It is described as remotely exploitable, with a publicly available exploit. The Red Hat/NVD/CVE records and related fee...

CVSS 9.8 | AI score 6.8 | EPSS 0.00316
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2025/10/08 5:02 p.m. | 9 views

CVE-2025-11486 SourceCodester Farm Management System buyNow.php sql injection

A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...

CVSS 6.5 | EPSS 0.00316
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-13760

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.9 | EPSS 0.00226
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-56383

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00221
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-40129

Malicious code in bioql PyPI...

CVSS 4.7 | AI score 6.5 | EPSS 0.00296
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:28 a.m. | 7 views

CVE-2024-43236

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Scott Paterson Easy PayPal Buy Now Button. This issue affects Easy PayPal Buy Now Button: from n/a through 1.9...

CVSS 4.7 | AI score 6.8 | EPSS 0.00296
Exploits: 0
RedhatCVE
added 2025/05/23 9:40 a.m. | 7 views

CVE-2024-1719

The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...

CVSS 4.3 | AI score 6.3 | EPSS 0.00297
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 4:59 a.m. | 5 views

CVE-2023-51683

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button. This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1...

CVSS 8.8 | AI score 6.7 | EPSS 0.00221
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 12:21 a.m. | 9 views

CVE-2022-4628

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.4 | AI score 5.9 | EPSS 0.00477
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/09 3:26 p.m. | 11 views

CVE-2025-47623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through <= 2.0...

CVSS 5.9 | AI score 7.2 | EPSS 0.00226
Exploits: 0 | References: 1
NVD
added 2025/05/07 3:16 p.m. | 14 views

CVE-2025-47623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through <= 2.0...

CVSS 5.9 | EPSS 0.00226
Exploits: 0 | References: 1
OSV
added 2025/05/07 3:16 p.m. | 3 views

CVE-2025-47623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0...

CVSS 4.8 | AI score 7.3
Exploits: 0 | References: 1
Patchstack
added 2025/05/07 3:05 p.m. | 9 views

WordPress Easy PayPal Buy Now Button plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Easy PayPal Buy Now Button versions <= 2.0...

CVSS 5.9 | AI score 7.1 | EPSS 0.00226
Exploits: 0 | Affected Software: 1