Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25713
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
7.5
CVSSv2
CVE-2005-0935
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote malicious users to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
Esmi Paypal Storefront 1.7
2 EDB exploits
NA
CVE-2023-1554
The Quick Paypal Payments WordPress plugin prior to 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example ...
Fullworksplugins Quick Paypal Payments
5.8
CVSSv2
CVE-2012-5790
PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitra...
Paypal Payments Standard 20120427
3.5
CVSSv2
CVE-2017-6213
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
Paypal Php Invoice Sdk
3.5
CVSSv2
CVE-2017-6215
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
Paypal Php Permissions Sdk
4.3
CVSSv2
CVE-2015-9373
PayPal Pro Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Webdevstudios Ithemes Paypal Pro
5
CVSSv2
CVE-2005-0936
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Esmi Paypal Storefront 1.7
1 EDB exploit
NA
CVE-2022-3822
The Donations via PayPal WordPress plugin prior to 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in m...
Tipsandtricks-hq Donations Via Paypal
NA
CVE-2023-47239
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Paterson Easy PayPal Shopping Cart plugin <= 1.1.10 versions.
Wpplugin Easy Paypal Shopping Cart
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »