The plugins do not escape a page parameter before outputting it back in an attribute in various admin pages, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 10th, 2021
Example in easy-paypal-donation
CPE | Name | Operator | Version |
---|---|---|---|
subscriptions-memberships-for-paypal | lt | 1.1.3 | |
easy-paypal-donation | lt | 1.3.1 | |
easy-paypal-events-tickets | lt | 1.1.2 |