CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

EUVD-2021-15888

Malware in sbrugna...

EUVD-2025-21942

Malicious code in bioql PyPI...

CVE-2025-7669

CVE-2025-7669 affects the Avishi WP PayPal Payment Button plugin for WordPress. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing or incorrect nonce validation on avishi-wp-paypal-payment-button/index.php, enabling unauthenticated attackers to update settings and inject ma...

CVE-2025-7669 Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Avishi WP PayPal Payment Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'avishi-wp-paypal-payment-button/index.php' page. This makes it possible for unauthenticated...

PT-2025-30113 · WordPress · Avishi Wp Paypal Payment Button

Name of the Vulnerable Software and Affected Versions: Avishi WP PayPal Payment Button versions prior to 2.1 Description: The Avishi WP PayPal Payment Button plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

CVE-2024-10851

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

CVE-2024-13401

CVE-2024-13401 affects the WordPress PayPal Payment Button plugin up to version 1.2.3.35. The vulnerability is a Stored XSS in the wp_paypal_checkout shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access at ...

CVE-2024-10851

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

CVE-2024-10851

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

CVE-2024-10850 Razorpay Payment Button for Elementor <= 1.2.5 - Reflected Cross-Site Scripting

The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...

CVE-2024-10850

CVE-2024-10850 affects the Razorpay Payment Button Elementor Plugin for WordPress. All versions up to and including 1.2.5 are vulnerable to Reflected Cross-Site Scripting due to improper escaping of URLs via add_query_arg/remove_query_arg, enabling unauthenticated attackers to inject scripts if a...

CVE-2024-10851 Razorpay Payment Button <= 2.4.6 - Reflected Cross-Site Scripting

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

CVE-2024-10851

CVE-2024-10851 : Razorpay Payment Button Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to and including 2.4.6 due to improper escaping when using add_query_arg/remove_query_arg. Unauthenticated attackers can inject scripts if a user is tricked into an act...

WordPress plugin Razorpay Payment Button Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Razorpay Payment Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress Razorpay Payment Button plugin <= 2.4.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Razorpay Payment Button versions = 2.4.6...

WordPress Razorpay Payment Button Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Razorpay Payment Button Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10851 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88605e5d5760 Credits Peter...

Simple Membership < 4.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC 1. Exploit...

Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver

✍️ Description XSS payload is triggered during editing and saving text included near the payment button. 🕵️‍♂️ Proof of Concept " In the app, settings try editing already included product. drop the payload in the Buy Button Text and save it hence the payload will be triggered. 💥 Impact Execution of...