Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:38 a.m.7 views

CVE-2024-7861

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 6:15 a.m.24 views

CVE-2024-7861

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS0.00177EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 6:15 a.m.4 views

CVE-2024-7861

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/12 6:0 a.m.26 views

CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00177EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 6:0 a.m.12 views

CVE-2024-7861 Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.9AI score0.00177EPSS
Exploits1References1
CVE
CVE
added 2024/09/12 6:0 a.m.51 views

CVE-2024-7861

CVE-2024-7861 affects the Misiek Paypal WordPress plugin up to version 1.1.20090324. The Red Hat/NVD entries describe a lack of CSRF checks in some areas, combined with insufficient sanitisation and escaping, enabling a logged-in admin to store a Cross-Site Scripting payload via CSRF. Exploitatio...

6.1CVSS6.2AI score0.00177EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.5 views

WordPress plugin Misiek Paypal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS6.7AI score0.00177EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.5 views

PT-2024-38638 · WordPress · Misiek Paypal Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Misiek Paypal WordPress plugin versions through 1.1.20090324 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...

6.1CVSS5.7AI score0.00177EPSS
Exploits1References6
Patchstack
Patchstack
added 2024/08/27 1:40 a.m.4 views

WordPress Misiek Paypal plugin <= 1.1.20090324 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Misiek Paypal versions = 1.1.20090324...

6.1CVSS6AI score0.00177EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/08/27 12:0 a.m.13 views

WordPress Misiek Paypal Plugin <= 1.1.20090324 is vulnerable to Cross Site Request Forgery (CSRF)

Software Misiek Paypal Type Plugin Vulnerable versions = 1.1.20090324 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7861 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 2187aca65d0c Credits Daniel Ruf Requir...

6.1CVSS6.7AI score0.00177EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder