4 matches found
CVE-2022-4628
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2022-4628
The CVE-2022-4628 entry covers a Stored Cross-Site Scripting vulnerability in the WordPress plugin Easy PayPal Buy Now Button prior to version 1.7.4. Multiple sources confirm that the plugin fails to validate and escape certain shortcode attributes before rendering them on post/pages, enabling us...
CVE-2022-4628 Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2022-4628 Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...