CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/03/26 3:12 p.m.•2 views

CVE-2026-3617

The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS6AI score0.00054EPSS

Exploits0References1

EUVD•added 2026/03/21 6:30 a.m.•1 views

EUVD-2026-14172

6.4CVSS6AI score0.00054EPSS

Exploits0References8

NVD•added 2026/03/21 4:17 a.m.•0 views

CVE-2026-3617

6.4CVSS0.00054EPSS

Exploits0References7

ATTACKERKB•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-3617

6.4CVSS6AI score0.00054EPSS

Exploits0References8

Cvelist•added 2026/03/21 3:26 a.m.•22 views

CVE-2026-3617 Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes

6.4CVSS0.00054EPSS

Exploits0References7

CVE•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-3617

The CVE-2026-3617 entry concerns the Paypal Shortcode plugin for WordPress, with Stored Cross-Site Scripting in all versions up to 0.3. The root cause is insufficient input sanitization and output escaping of user-supplied shortcode attributes (amount and name). The swer_paypal_shortcode() functi...

6.4CVSS6AI score0.00054EPSS

Exploits0References7

Vulnrichment•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-3617 Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes

6.4CVSS6AI score0.00054EPSS

Exploits0References7

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26861

6.4CVSS6AI score0.00054EPSS

Exploits0References8

CNNVD•added 2026/03/21 12:0 a.m.•4 views

WordPress plugin Paypal Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00054EPSS

Exploits0References7

EUVD•added 2025/12/12 6:31 a.m.•2 views

EUVD-2025-202977

The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttomimage' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS4.7AI score0.00041EPSS

Exploits0References6

NVD•added 2025/12/12 4:15 a.m.•2 views

CVE-2025-13966

6.4CVSS0.00041EPSS

Exploits0References5

Cvelist•added 2025/12/12 3:20 a.m.•24 views

CVE-2025-13966 Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute

6.4CVSS0.00041EPSS

Exploits0References5

OSV•added 2024/06/21 6:15 a.m.•0 views

CVE-2024-5448

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfo...

5.4CVSS5.8AI score

Exploits0References1

CNNVD•added 2024/06/21 12:0 a.m.•2 views

WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...

5.4CVSS6.7AI score0.00171EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by