47 matches found
CVE-2025-23655
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS.This issue affects Contact Form 7 – Paystack Add-on: from n/a through = 1.2.3...
EUVD-2025-3319
Malicious code in bioql PyPI...
EUVD-2024-29951
Malicious code in bioql PyPI...
EUVD-2025-10491
Malicious code in bioql PyPI...
EUVD-2023-57957
Malicious code in bioql PyPI...
EUVD-2025-8462
Malicious code in bioql PyPI...
MAL-2025-45529 Malicious code in paystack-music (npm)
The package paystack-music was found to contain malicious code...
Malicious code in paystack-music (npm)
The package paystack-music was found to contain malicious code...
CVE-2024-32130
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...
CVE-2023-5665
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-10894
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-10894
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-10894
CVE-2024-10894 affects the WordPress plugin Payment Forms for Paystack. It is a stored XSS via shortcode attributes (datepicker, textarea, text) in all versions up to 4.0.2 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level ...
CVE-2024-10894 Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-10894 Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2025-15918 · WordPress · Payment Forms For Paystack
Name of the Vulnerable Software and Affected Versions: Payment Forms for Paystack plugin for WordPress versions up to, and including, 4.0.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in th...
WordPress plugin Payment Forms for Paystack 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2025-22652
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through = 4.0.1...
CVE-2025-22652
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through = 4.0.1...
CVE-2025-22652
CVE-2025-22652 is a SQL Injection vulnerability in the WordPress plugin Payment Forms for Paystack (vulnerable up to and including 4.0.1). The root cause, as detailed in the exploit repo, is unsafely inserting a URL parameter (order) directly into an SQL query without input validation/escaping in...