CVE-2015-7666
CVE-2015-7666 documents multiple XSS vulnerabilities in the WordPress plugin Payment Form for PayPal Pro (before 1.0.2). The flaw resides in cp_ppp_admin_int_message_list.inc.php functions cp_updateMessageItem and cp_deleteMessageItem, where the cal parameter can be exploited to inject arbitrary ...