2 matches found
CVE-2024-9592 Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options
The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgcpluginoptions' function. This makes it possible for unauthenticated attackers to update the...
WordPress Easy PayPal Gift Certificate Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)
Software Easy PayPal Gift Certificate Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9592 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e85fe46e59dc Credits István...