Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-6535
admin/settings.php in PayPal eStores allows remote malicious users to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.
Paypalestores Paypal Estores -
1 EDB exploit
5.8
CVSSv2
CVE-2012-5787
The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Paypal Merchant Sdk -
5
CVSSv2
CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote malicious users to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
Paypal Php Toolkit
7.5
CVSSv2
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin prior to 1.1.65 for WordPress allows SQL Injection.
Ithemes Paypal Pro
5.8
CVSSv2
CVE-2012-5789
PayPal Payments Standard PHP Library prior to 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via a...
Paypal Payments Standard -
5.8
CVSSv2
CVE-2012-5784
Apache Axis 1.4 and previous versions, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the sub...
Apache Axis 1.0
Paypal Mass Pay -
Apache Axis -
Apache Axis 1.1
Apache Axis 1.2
Paypal Transactional Information Soap -
Paypal Payments Pro -
Apache Axis 1.2.1
Apache Activemq
Apache Axis
Apache Axis 1.3
NA
CVE-2023-23889
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
NA
CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) prior to 6.0.2 allows XSS via HTML entities.
Paypal Braintree\\/sanitize-url
NA
CVE-2022-3983
The Checkout for PayPal WordPress plugin prior to 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Noorsplugin Checkout For Paypal
NA
CVE-2023-25702
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »