10 matches found
CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7861
CVE-2024-7861 affects the Misiek Paypal WordPress plugin up to version 1.1.20090324. The Red Hat/NVD entries describe a lack of CSRF checks in some areas, combined with insufficient sanitisation and escaping, enabling a logged-in admin to store a Cross-Site Scripting payload via CSRF. Exploitatio...
WordPress plugin Misiek Paypal 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-38638 · WordPress · Misiek Paypal Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Misiek Paypal WordPress plugin versions through 1.1.20090324 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...
WordPress Misiek Paypal plugin <= 1.1.20090324 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Misiek Paypal versions = 1.1.20090324...
WordPress Misiek Paypal Plugin <= 1.1.20090324 is vulnerable to Cross Site Request Forgery (CSRF)
Software Misiek Paypal Type Plugin Vulnerable versions = 1.1.20090324 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7861 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 2187aca65d0c Credits Daniel Ruf Requir...