WordPress Payment Button for PayPal plugin <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Payment Button for PayPal versions = 1.2.3.41...

CVE-2025-14463

CVE-2025-14463 affects the WordPress plugin “Payment Button for PayPal” (versions up to and including 1.2.3.41). The vulnerability arises from a publicly exposed AJAX endpoint (wppaypalcheckout_ajax_process_order) that processes checkout results without authentication or server-side verification,...

CVE-2025-14463 Payment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

WordPress plugin “Payment Button for PayPal” has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2023-26815

Malicious code in bioql PyPI...

WordPress plugin Avishi WP PayPal Payment Button 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

CVE-2023-22686

Cross-Site Request Forgery CSRF vulnerability in TriniTronic Nice PayPal Button Lite plugin = 1.3.5 versions...

PT-2025-2157 · WordPress · Payment Button For Paypal

Name of the Vulnerable Software and Affected Versions: Payment Button for PayPal plugin for WordPress versions up to, and including, 1.2.3.35 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wp paypal checkout shortcode. Thi...

WordPress Payment Button for PayPal plugin <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin Payment Button for PayPal versions = 1.2.3.35...

CVE-2024-5447

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowe...

CVE-2023-22686

Cross-Site Request Forgery CSRF vulnerability in TriniTronic Nice PayPal Button Lite plugin = 1.3.5 versions...

CVE-2023-22686

Cross-Site Request Forgery CSRF vulnerability in TriniTronic Nice PayPal Button Lite plugin = 1.3.5 versions...

CVE-2023-22686

CVE-2023-22686 affects the WordPress plugin “Nice PayPal Button Lite” (TriniTronic) up to version 1.3.5. The root cause is a CSRF vulnerability due to insufficient CSRF checks in the plugin, enabling an attacker to coax a user into performing unintended actions on a site the user is authenticated...

CVE-2023-22686 WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in TriniTronic Nice PayPal Button Lite plugin = 1.3.5 versions...

WordPress Plugin Nice PayPal Button Lite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

PT-2023-18631 · WordPress · Trinitronic Nice Paypal Button Lite

Name of the Vulnerable Software and Affected Versions: TriniTronic Nice PayPal Button Lite plugin versions 1.3.5 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintend...

CVE-2022-4628

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

WordPress plugin Easy PayPal Buy Now Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Nice PayPal Button Lite Type Plugin Vulnerable versions = 1.3.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-22686 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 497c643d4eec Credits Mika Required...

Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC wpecpp name="' accesskey='X'...