EUVD-2025-21942

Malicious code in bioql PyPI...

CVE-2025-7669 Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Avishi WP PayPal Payment Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'avishi-wp-paypal-payment-button/index.php' page. This makes it possible for unauthenticated...

CVE-2025-7669

CVE-2025-7669 affects the Avishi WP PayPal Payment Button plugin for WordPress. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing or incorrect nonce validation on avishi-wp-paypal-payment-button/index.php, enabling unauthenticated attackers to update settings and inject ma...

PT-2025-30113 · WordPress · Avishi Wp Paypal Payment Button

Name of the Vulnerable Software and Affected Versions: Avishi WP PayPal Payment Button versions prior to 2.1 Description: The Avishi WP PayPal Payment Button plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

WordPress Booking Calendar Contact Form 1.0.23 Blind SQL Injection

Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin Ramirez Martinez i0 SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com...

WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities

WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin...