Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal - vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-25702
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
6.1
CVSSv3
CVE-2023-25713
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
5.4
CVSSv3
CVE-2017-6213
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
Paypal Php Invoice Sdk
5.4
CVSSv3
CVE-2017-6215
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
Paypal Php Permissions Sdk
NA
CVE-2005-0936
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Esmi Paypal Storefront 1.7
1 EDB exploit
5.4
CVSSv3
CVE-2022-3983
The Checkout for PayPal WordPress plugin prior to 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Noorsplugin Checkout For Paypal
6.1
CVSSv3
CVE-2015-9373
PayPal Pro Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Webdevstudios Ithemes Paypal Pro
6.1
CVSSv3
CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) prior to 6.0.2 allows XSS via HTML entities.
Paypal Braintree\\/sanitize-url
8.8
CVSSv3
CVE-2023-24405
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
Wpplugin Paypal \\& Stripe Add-on
4.8
CVSSv3
CVE-2021-24815
The Accept Donations with PayPal WordPress plugin prior to 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Wpplugin Accept Donations With Paypal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »