Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-3983
The Checkout for PayPal WordPress plugin prior to 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Noorsplugin Checkout For Paypal
6.1
CVSSv3
CVE-2015-9373
PayPal Pro Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Webdevstudios Ithemes Paypal Pro
4.8
CVSSv3
CVE-2023-25702
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
5.4
CVSSv3
CVE-2017-6213
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
Paypal Php Invoice Sdk
NA
CVE-2005-0936
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Esmi Paypal Storefront 1.7
1 EDB exploit
6.1
CVSSv3
CVE-2023-25713
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
6.1
CVSSv3
CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) prior to 6.0.2 allows XSS via HTML entities.
Paypal Braintree/sanitize-url
5.4
CVSSv3
CVE-2017-6215
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
Paypal Php Permissions Sdk
8.8
CVSSv3
CVE-2023-22686
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions.
Trinitronic Nice Paypal Button Lite
4.3
CVSSv3
CVE-2021-24570
The Accept Donations with PayPal WordPress plugin prior to 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Fu...
Wpplugin Accept Donations With Paypal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »