3 matches found
CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
WordPress Misiek Paypal Plugin <= 1.1.20090324 is vulnerable to Cross Site Request Forgery (CSRF)
Software Misiek Paypal Type Plugin Vulnerable versions = 1.1.20090324 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7861 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 2187aca65d0c Credits Daniel Ruf Requir...