CVE-2025-7820 SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...

EUVD-2019-5916

Malware in sbrugna...

EUVD-2019-5917

Malware in sbrugna...

EUVD-2015-9086

Malware in sbrugna...

EUVD-2023-0805

Malicious code in bioql PyPI...

EUVD-2022-4207

Malicious code in bioql PyPI...

EUVD-2022-24583

Malicious code in bioql PyPI...

EUVD-2023-31236

Malicious code in bioql PyPI...

WordPress Accept Donations with PayPal plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Accept Donations with PayPal plugin, which stems from the WEB application not adequately verifying that a...

PT-2025-20140 · WordPress · Contact Form 7 – Paypal & Stripe Add-On

Name of the Vulnerable Software and Affected Versions: Contact Form 7 – PayPal & Stripe Add-on versions through 2.3.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means an...

MAL-2025-1913 Malicious code in paypal-expanded-integration-backend-node (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-11895 Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

MAL-2025-1160 Malicious code in paypal-js-advanced-integration-ib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3b3d606a46036e08dc78fd5e2e8fe3694d1607d120c062343a2868294d3c9c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1164 Malicious code in paypal-standard-integration-react-ib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6521cab55325b37c4d38ef5d9c7136a36024b1e4615b1ef885089e708edf6376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1163 Malicious code in paypal-standard-integration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45bb803ebb8e266ab790d8a7ab7ad62d31675c7ed376f7a50bb88c0110816fb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

BloodBank 1.0 Cross Site Scripting

====================================================================================================================================== | Title : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

BloodBank 1.0 Insecure Direct Object Reference

====================================================================================================================================== | Title : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on...

PT-2023-19567 · WordPress · Scott Paterson Contact Form 7 – Paypal & Stripe Add-On

Name of the Vulnerable Software and Affected Versions: Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin versions prior to 1.9.4 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into...

CVE-2023-23941

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

Design/Logic Flaw

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...