Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2012-5788
The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate, r...
Paypal Ipn -
5
CVSSv2
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote malicious users to forge payments via unspecified vectors.
Paypal Ubercart Payflow -
2.9
CVSSv2
CVE-2010-4211
The PayPal app prior to 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle malicious users to spoof a PayPal web server via an arbitrary certificate.
Ebay Paypal
NA
CVE-2023-35917
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
Woocommerce Paypal Payments
7.5
CVSSv2
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin prior to 1.1.65 for WordPress allows SQL Injection.
Ithemes Paypal Pro
NA
CVE-2022-21129
Versions of the package nemo-appium prior to 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-app...
Paypal Nemo-appium
7.5
CVSSv2
CVE-2005-1362
Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote malicious users to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText,...
Metalinks Metacart2 Paypal
5.8
CVSSv2
CVE-2012-5789
PayPal Payments Standard PHP Library prior to 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via a...
Paypal Payments Standard -
NA
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote malicious user to gain p...
202-ecommerce Paypal
5.8
CVSSv2
CVE-2012-5787
The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Paypal Merchant Sdk -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »