Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-1081
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and previous versions unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin aft...
Moodle Moodle
10
CVSSv2
CVE-2004-2247
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect prior to 1.0.beta.21 has unknown impact and attack vectors.
Goosequill Audienceconnect 1.0.beta.20
4
CVSSv2
CVE-2021-40579
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).
Online Enrollment Management System Project Online Enrollment Management System 1.0
7.5
CVSSv2
CVE-2007-3119
SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote malicious users to execute arbitrary SQL commands via the news_id parameter.
Kartli Alisveris Sistemi Kartli Alisveris Sistemi 1.0
1 EDB exploit
NA
CVE-2024-1719
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incor...
10
CVSSv2
CVE-2007-2824
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and previous versions allows remote malicious users to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
Alstrasoft E-friends
1 EDB exploit
3.5
CVSSv2
CVE-2021-24478
The Bookshelf WordPress plugin up to and including 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
Bookshelf Project Bookshelf
4.3
CVSSv2
CVE-2022-1250
The LifterLMS PayPal WordPress plugin prior to 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
Lifterlms Lifterlms
4.3
CVSSv2
CVE-2012-4932
Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote malicious users to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the ...
Simple Invoices Simple Invoices
Simple Invoices Simple Invoices 2007-05-25
Simple Invoices Simple Invoices 2007-01-25
Simple Invoices Simple Invoices 2006-12-11
Simple Invoices Simple Invoices 2007-02-02
1 EDB exploit
6.5
CVSSv2
CVE-2021-24390
A proid GET parameter of the WordPress???Alipay|???Tenpay|??PayPal???? WordPress plugin up to and including 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.
Alipay Project Alipay
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »