59 matches found
CVE-2026-41471
The CVE concerns the Easy PayPal Events & Tickets WordPress plugin (version 1.3 and earlier). A vulnerability in the QR code scanning endpoint (scan_qr.php) allows unauthenticated attackers to enumerate and retrieve all customer order records by iterating sequential WordPress post IDs, exposing s...
CVE-2026-41471 Easy PayPal Events & Tickets < 1.4 Information Disclosure via QR Code Endpoint
The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress po...
WordPress plugin Easy PayPal Events & Tickets 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2023-56383
Malicious code in bioql PyPI...
EUVD-2025-13760
Malicious code in bioql PyPI...
EUVD-2024-40129
Malicious code in bioql PyPI...
EUVD-2024-49207
Malicious code in bioql PyPI...
EUVD-2025-13808
Malicious code in bioql PyPI...
EUVD-2023-51371
Malicious code in bioql PyPI...
EUVD-2022-51958
Malicious code in bioql PyPI...
CVE-2024-43236
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9...
CVE-2024-1719
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...
CVE-2024-8476
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeventpluginbuttons function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2023-51683
Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1...
CVE-2023-47239
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Scott Paterson Easy PayPal Shopping Cart plugin = 1.1.10 versions...
CVE-2022-4628
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2025-47623
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS.This issue affects Easy PayPal Buy Now Button: from n/a through = 2.0...
CVE-2025-47519
Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Easy PayPal Events easy-paypal-events-tickets allows Cross Site Request Forgery.This issue affects Easy PayPal Events: from n/a through = 1.2.2...
CVE-2025-47623
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS.This issue affects Easy PayPal Buy Now Button: from n/a through = 2.0...
CVE-2025-47519
Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Easy PayPal Events easy-paypal-events-tickets allows Cross Site Request Forgery.This issue affects Easy PayPal Events: from n/a through = 1.2.2...