Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29130
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a up ...
NA
CVE-2022-36284
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an malicious user to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user pro...
Storeapps Affiliate For Woocommerce
5
CVSSv2
CVE-2018-1081
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and previous versions unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin aft...
Moodle Moodle
10
CVSSv2
CVE-2004-2247
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect prior to 1.0.beta.21 has unknown impact and attack vectors.
Goosequill Audienceconnect 1.0.beta.20
4
CVSSv2
CVE-2021-40579
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).
Online Enrollment Management System Project Online Enrollment Management System 1.0
7.5
CVSSv2
CVE-2007-3119
SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote malicious users to execute arbitrary SQL commands via the news_id parameter.
Kartli Alisveris Sistemi Kartli Alisveris Sistemi 1.0
1 EDB exploit
NA
CVE-2024-1719
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incor...
10
CVSSv2
CVE-2007-2824
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and previous versions allows remote malicious users to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
Alstrasoft E-friends
1 EDB exploit
3.5
CVSSv2
CVE-2021-24478
The Bookshelf WordPress plugin up to and including 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
Bookshelf Project Bookshelf
4.3
CVSSv2
CVE-2022-1250
The LifterLMS PayPal WordPress plugin prior to 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
Lifterlms Lifterlms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »